TOPIC: LimeSurvey Security Advisory 2009/04/29

LimeSurvey Security Advisory 2009/04/29 1 year 6 months ago #68821

  • c_schmitz
  • LimeSurvey Team

There has been an issue uncovered with the latest LimeSurvey versions.

Type of issue:
Security issue by which an attacker can get access to your LimeSurvey administration and files and can possibly change these - this allows for remote execution and data disclosure.

Affected LimeSurvey versions:
- LimeSurvey 1.80RC4, 1.80, 1.80+, 1.81, 1.81+ (all Builds) (released around January-April 2009)

Exploits in the Wild:
This issue was discovered during a security audit by Dan Schwister (thank you Dan!). Therefore there is no exploit in the wild (yet).

Advised solution:
Update as soon as possible to the latest LimeSurvey 1.82 or later version available from http://www.limesurvey.org

Quick fix:
Remove the /admin/remotecontrol/ directory to disable the security problem.
