CVE-2026-50636

The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...

CVE-2026-50636 LimeSurvey RemoteControl invite_participants/remind_participants SQL Injection

The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...

EUVD-2026-35770

The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...

CVE-2026-50636 LimeSurvey RemoteControl invite_participants/remind_participants SQL Injection

The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...

LimeSurvey SQL注入漏洞

LimeSurvey PHPSurveyor is a set of open-source online survey programs developed by the LimeSurvey team. It supports survey program development, survey questionnaire publishing, and data collection functions. LimeSurvey has a SQL injection vulnerability. This vulnerability arises from the...

CVE-2023-32563

An unauthenticated attacker could achieve the code execution through a RemoteControl server...

CVE-2023-32563

An unauthenticated attacker could achieve the code execution through a RemoteControl server...

CVE-2023-32563

An unauthenticated attacker could achieve the code execution through a RemoteControl server...

CVE-2023-32563

Ivanti Avalanche is affected by a RemoteCode Execution vulnerability (CVE-2023-32563) in the RemoteControl server component. The NVD/Nuclei entries describe unauthenticated code execution with CVSS v3.1/3.0 scores (9.8 critical, 8.8 high in alternative metrics) via the RemoteControl server, impac...

LimeSurvey Information Disclosure Vulnerability

This host is running LimeSurvey and is prone to Information Disclosure vulnerability. OpenVAS Vulnerability Test $Id: secpodlimesurveyinfodiscvuln.nasl 5055 2017-01-20 14:08:39Z teissa $ LimeSurvey Information Disclosure Vulnerability Authors: Sharath S Copyright: Copyright c 2009 SecPod,...