LimeSurvey Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2024-39063 - Vulnerability Database

LimeSurvey Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2024-39063

High

Reference: CVE-2024-39063

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-39063

Title: LimeSurvey Cross-Site Request Forgery (CSRF) Vulnerability

Overview:

Lime Survey lt 6.5.12 is vulnerable to Cross Site Request Forgery (CSRF). The YII_CSRF_TOKEN is only checked when passed in the body of POST requests but the same check isn39t performed in the equivalent GET requests.