Skip to main content

Limesurvey CVE-2019-16177

HIGH
Information Exposure (CWE-200)
2019-09-09 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 09, 2019 - 21:15 nvd
HIGH 7.5

DescriptionNVD

In Limesurvey before 3.17.14, the entire database is exposed through browser caching.

AnalysisAI

In Limesurvey before 3.17.14, the entire database is exposed through browser caching. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. In Limesurvey before 3.17.14, the entire database is exposed through browser caching. Affected products include: Limesurvey. Version information: before 3.17.14.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2020-11455 CRITICAL POC
9.8 Apr 01

LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileM

CVE-2019-9960 CRITICAL POC
9.8 Mar 24

The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relati

CVE-2018-17057 CRITICAL POC
9.8 Sep 14

An issue was discovered in TCPDF before 6.2.22. Rated critical severity (CVSS 9.8), this vulnerability is remotely explo

CVE-2024-42902 HIGH POC
8.8 Sep 03

An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via

CVE-2024-39063 HIGH POC
8.8 Jul 09

Lime Survey <= 6.5.12 is vulnerable to Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerabi

CVE-2012-4927 HIGH POC
7.5 Sep 15

SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attack

CVE-2014-5017 HIGH POC
7.5 Jul 21

SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 14

CVE-2022-43279 HIGH POC
7.2 Nov 15

LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/th

CVE-2024-24506 MEDIUM POC
6.1 Apr 03

Cross Site Scripting (XSS) vulnerability in Lime Survey Community Edition Version v.5.3.32+220817, allows remote attacke

CVE-2021-42112 MEDIUM POC
6.1 Oct 08

The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.

CVE-2019-17660 MEDIUM POC
6.1 Oct 16

A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier

CVE-2025-56422 CRITICAL
9.8 Mar 10

LimeSurvey before v6.15.0 has an insecure deserialization enabling remote code execution through crafted survey data.

Share

CVE-2019-16177 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy