CVE-2019-16184

Опубликовано: 09 сент. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file.

Ссылки

https://github.com/LimeSurvey/LimeSurvey/commit/5870fd1037058bc4e43cccf893b576c72293371e#diff-d539f3f8185667ee48db78e1bf65a3b4R46
Patch
Release Notes
Third Party Advisory
https://www.limesurvey.org/limesurvey-updates/2188-limesurvey-3-17-14-build-190902-released
Release Notes
Vendor Advisory
https://github.com/LimeSurvey/LimeSurvey/commit/5870fd1037058bc4e43cccf893b576c72293371e#diff-d539f3f8185667ee48db78e1bf65a3b4R46
Patch
Release Notes
Third Party Advisory
https://www.limesurvey.org/limesurvey-updates/2188-limesurvey-3-17-14-build-190902-released
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:limesurvey:limesurvey:*:*:*:*:*:*:*:*

Версия до 3.17.14 (исключая)

EPSS

Процентиль: 68%

0.00577

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-1236

Связанные уязвимости

CVE-2019-16184

CVSS3: 9.8

debian

больше 6 лет назад

A CSV injection vulnerability was found in Limesurvey before 3.17.14 t ...

GHSA-9g94-vwqg-p7wx

CVSS3: 9.8

github

больше 3 лет назад

A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file.

EPSS

Процентиль: 68%

0.00577

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-1236