CVE-2019-16174

Опубликовано: 09 сент. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity.

Ссылки

https://github.com/LimeSurvey/LimeSurvey/commit/5870fd1037058bc4e43cccf893b576c72293371e#diff-d539f3f8185667ee48db78e1bf65a3b4R40
Patch
Release Notes
Third Party Advisory
https://www.limesurvey.org/limesurvey-updates/2188-limesurvey-3-17-14-build-190902-released
Release Notes
Vendor Advisory
https://github.com/LimeSurvey/LimeSurvey/commit/5870fd1037058bc4e43cccf893b576c72293371e#diff-d539f3f8185667ee48db78e1bf65a3b4R40
Patch
Release Notes
Third Party Advisory
https://www.limesurvey.org/limesurvey-updates/2188-limesurvey-3-17-14-build-190902-released
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:limesurvey:limesurvey:*:*:*:*:*:*:*:*

Версия до 3.17.14 (исключая)

EPSS

Процентиль: 78%

0.01128

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

CVE-2019-16174

CVSS3: 8.8

debian

больше 6 лет назад

An XML injection vulnerability was found in Limesurvey before 3.17.14 ...

GHSA-jhh2-vhmg-x3cq

CVSS3: 8.8

github

больше 3 лет назад

An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity.

EPSS

Процентиль: 78%

0.01128

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-611