CVE-2024-6933

Sažetak

A flaw has been found in LimeSurvey 6.5.14-240624. Affected by this issue is the function actionUpdateSurveyLocaleSettingsGeneralSettings of the file /index.php?r=admin/database/index/updatesurveylocalesettings_generalsettings of the component Survey General Settings Handler. This manipulation of the argument Language causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to version 6.6.2+240827 can resolve this issue. Patch name: d656d2c7980b7642560977f4780e64533a68e13d. You should upgrade the affected component.

Reference

https://community.limesurvey.org/downloads/
https://github.com/Hebing123/cve/issues/55
https://github.com/LimeSurvey/LimeSurvey/commit/d656d2c7980b7642560977f4780e64533a68e13d
https://vuldb.com/?ctiid.271988
https://vuldb.com/?id.271988
https://vuldb.com/?submit.372007
https://github.com/Hebing123/cve/issues/55
https://vuldb.com/?ctiid.271988
https://vuldb.com/?id.271988
https://vuldb.com/?submit.372007

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

30-01-2026 - 21:41

Objavljeno

21-07-2024 - 01:15