Lucene search

[email protected]CVE-2015-4628

HistoryJun 18, 2015 - 10:59 a.m.

CVE-2015-4628

2015-06-1810:59:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2015-4628

sql injection

limesurvey

security vulnerability

nvd

8.9 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

54.6%

JSON

SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter.

CPENameOperatorVersion
limesurvey:limesurveylimesurveyle2.06\+

CPE	Name	Operator	Version
limesurvey:limesurvey	limesurvey	le	2.06\+

References

www.securityfocus.com/bid/75301

bugs.limesurvey.org/view.php?id=9694

github.com/LimeSurvey/LimeSurvey/commit/b09edc0dbd18d8459ade4c7c941e562c16564f9e

github.com/LimeSurvey/LimeSurvey/commit/e15861a65b7028adfc23ef6af8563f645e318548

github.com/LimeSurvey/LimeSurvey/pull/331

8.9 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

54.6%

JSON

Related for CVE-2015-4628

cvelist1 prion1