Description
SQL injection vulnerability in the insert function in application/controllers/admin/dataentry.php in LimeSurvey 2.06+ allows remote authenticated users to execute arbitrary SQL commands via the closedate parameter.
References (4)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/75440
Various Sources x_refsource_confirm
https://bugs.limesurvey.org/view.php?id=9720
Patch x_refsource_confirm
https://github.com/LimeSurvey/LimeSurvey/commit/65d717415a271242b9a30a5330d4eabac1c1a837
Various Sources x_refsource_confirm
https://bugs.limesurvey.org/plugin.php?page=Source/view&id=15509
Scores
EPSS
0.0030
EPSS Percentile
53.6%
Details
CWE
CWE-89
Status
published
Products (1)
limesurvey/limesurvey
2.06+
Published
Jun 28, 2015
Tracked Since
Feb 18, 2026