
TOPIC: How secure is LimeSurvey? Injection attacks | File inclusion | Security

How secure is LimeSurvey? Injection attacks | File inclusion | Security 1 year 7 months ago #85212

  • Mike1985
  • Senior Lime
  • Posts: 49
  • Karma: 0
How secure is LimeSurvey with regard to SQL injection attacks etc.? I found this online:

http://cxsecurity.com/issue/WLB-2012070061

It looks like the $homedir has not been checked in this case. Something similar here:

http://bot24.blogspot.co.uk/2012/06/limesurvey-192-build120620-multiple.html#!/2012/06/limesurvey-192-build120620-multiple.html

I've checked the bug tracker but can't find any mention of these. They're relevant to the latest release.

Are there any other security issues out there we should be aware of?

Thanks

Mike

Re: How secure is LimeSurvey? Injection attacks | File inclusion | Security 1 year 7 months ago #85213

  • mdekker
  • LimeSurvey Team
  • Posts: 340
  • Thank you received: 68
  • Karma: 38
Please report these issues in our bugtracker so one of the developers can take care of it.
---
Menno Dekker

Re: How secure is LimeSurvey? Injection attacks | File inclusion | Security 1 year 7 months ago #85215

  • Mike1985
  • Senior Lime
  • Posts: 49
  • Karma: 0
I've managed to trace that first issue back and it seems it is secure.

That second one though... I don't even know what it does, so I'm reluctant to open a bugtracker.