Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Online Survey

LimeSurvey

LimeSurvey (formerly PHPSurveyor) is an open source online survey application written in PHP based on a MySQL PostgreSQL or MSSQL database. It enables users without coding knowledge to develop publish and collect responses to surveys. Surveys can include branching custom preferred layout and design (using a web template system) and can provide basic statistical analysis of survey results.

Official Site:

https://www.limesurvey.org/

Severity Summary:

Critical: 7 High: 13 Medium: 36 Low: 3
Reference
Title
Severity
CVE-2008-2570
LimeSurvey Vulnerability
Critical
CVE-2019-16184
LimeSurvey Improper Neutralization of Formula Elements in a CSV File Vulnerability
Critical
CVE-2019-25019
LimeSurvey Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2018-17057
LimeSurvey Deserialization of Untrusted Data Vulnerability
Critical
CVE-2022-48008
LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability
Critical
CVE-2018-7556
LimeSurvey Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Critical
CVE-2019-9960
LimeSurvey Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Critical
CVE-2012-4927
LimeSurvey Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2019-16177
LimeSurvey Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
High
CVE-2019-15640
LimeSurvey Improper Input Validation Vulnerability
High
CVE-2009-1604
LimeSurvey Vulnerability
High
CVE-2014-5017
LimeSurvey Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2021-44967
LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability
High
CVE-2019-16186
LimeSurvey Incorrect Default Permissions Vulnerability
High
CVE-2019-16185
LimeSurvey Incorrect Default Permissions Vulnerability
High
CVE-2019-16174
LimeSurvey Improper Restriction of XML External Entity Reference Vulnerability
High
CVE-2019-16187
LimeSurvey Incorrect Permission Assignment for Critical Resource Vulnerability
High
CVE-2022-43279
LimeSurvey Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2018-1000659
LimeSurvey Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2018-1000658
LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability
High
CVE-2014-5018
LimeSurvey Other Vulnerability
Medium
CVE-2015-4628
LimeSurvey Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Medium
CVE-2014-5016
LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2021-42112
LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2012-4995
LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2012-4994
LimeSurvey Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Medium
CVE-2011-3752
LimeSurvey Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2008-2571
LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2007-5573
LimeSurvey Improper Control of Generation of Code (Code Injection) Vulnerability
Medium
CVE-2022-29710
LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium