10 matches found
CVE-2026-50636
The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...
EUVD-2026-35770
The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...
CVE-2026-50636 LimeSurvey RemoteControl invite_participants/remind_participants SQL Injection
The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...
CVE-2026-50636 LimeSurvey RemoteControl invite_participants/remind_participants SQL Injection
The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...
LimeSurvey SQL注入漏洞
LimeSurvey PHPSurveyor is a set of open-source online survey programs developed by the LimeSurvey team. It supports survey program development, survey questionnaire publishing, and data collection functions. LimeSurvey has a SQL injection vulnerability. This vulnerability arises from the...
CVE-2023-32563
An unauthenticated attacker could achieve the code execution through a RemoteControl server...
CVE-2023-32563
An unauthenticated attacker could achieve the code execution through a RemoteControl server...
CVE-2023-32563
Ivanti Avalanche is affected by a RemoteCode Execution vulnerability (CVE-2023-32563) in the RemoteControl server component. The NVD/Nuclei entries describe unauthenticated code execution with CVSS v3.1/3.0 scores (9.8 critical, 8.8 high in alternative metrics) via the RemoteControl server, impac...
CVE-2023-32563
An unauthenticated attacker could achieve the code execution through a RemoteControl server...
LimeSurvey Information Disclosure Vulnerability
This host is running LimeSurvey and is prone to Information Disclosure vulnerability. OpenVAS Vulnerability Test $Id: secpodlimesurveyinfodiscvuln.nasl 5055 2017-01-20 14:08:39Z teissa $ LimeSurvey Information Disclosure Vulnerability Authors: Sharath S Copyright: Copyright c 2009 SecPod,...