CVE-2012-4994
EUVD-2012-491819.09.2012, 19:55
SQL injection vulnerability in admin/admin.php in LimeSurvey before 1.91+ Build 120224 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a browse action. NOTE: some of these details are obtained from third party information.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| limesurvey | limesurvey | 𝑥 ≤ 1.91\+ |
| limesurvey | limesurvey | 1.01 |
| limesurvey | limesurvey | 1.50 |
| limesurvey | limesurvey | 1.52 |
| limesurvey | limesurvey | 1.53\+ |
| limesurvey | limesurvey | 1.70\+ |
| limesurvey | limesurvey | 1.71\+ |
| limesurvey | limesurvey | 1.72 |
| limesurvey | limesurvey | 1.80\+ |
| limesurvey | limesurvey | 1.81\+ |
| limesurvey | limesurvey | 1.82\+ |
| limesurvey | limesurvey | 1.85 |
| limesurvey | limesurvey | 1.86 |
| limesurvey | limesurvey | 1.87\+ |
| limesurvey | limesurvey | 1.90\+ |
𝑥
= Vulnerable software versions
References