BIT-LIMESURVEY-2025-41076 Multiple vulnerabilities in Limesurvey

In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including the use of the Yii framework, the MySQL/MariaDB database...

CVE-2025-41076

In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including the use of the Yii framework, the MySQL/MariaDB database...

CVE-2025-41076

In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including the use of the Yii framework, the MySQL/MariaDB database...

CVE-2025-41076 Multiple vulnerabilities in Limesurvey

In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including the use of the Yii framework, the MySQL/MariaDB database...

CVE-2025-41076

LimeSurvey 6.13.0 is affected by an information-exposure issue triggered by malformed session cookies, causing HTTP 500 errors that leak internal backend details. The reports consistently specify exposure of backend stack elements such as the Yii framework, the MySQL/MariaDB engine, table name li...

PT-2025-47571

Name of the Vulnerable Software and Affected Versions LimeSurvey version 6.13.0 Description A flaw exists that allows an external user to trigger a 500 error within the survey system by submitting a crafted session cookie. This results in the disclosure of internal backend details, including the...