Latest forum posts

LimeSurvey Security Advisory 2009/04/29

There has been a issue uncovered with the latest LimeSurvey versions.

Type of issue:
Security issue by that an attacker get access to your LimeSurvey administration and files and can possibly change these - this allows for remote execution and data disclosure.

Affected LimeSurvey versions:
- LimeSurvey 1.80RC4, 1.80, 1.80+, 1.81, 1.81+ (all Builds) (released around January-April 2009)

Exploits in the Wild:
This issue was discoverd during a security audit by Dan Schwister (thank you Dan!). Therefore there is no exploit in the wild (yet).

Advised solution:
Update as soon as possible to the latest LimeSurvey 1.82 or later version available from http://www.limesurvey.org

Quick fix:
Remove the /admin/remotecontrol/ directory to disable the security problem.

d_b_1_1
b_g_ls_1_5

Supporters

Survey respondents needed? Book respondents from 40+ countries for your research survey.


demetra Demetra opinioni.net
- the gold standard CATI, CAWI and CAMI surveys


LimeSurvey cooperates with Statista – the Portal for Statistics and Surveys regarding the development of new modules


NuSPhere PhpEd logo
NuSphere supports the LimeSurvey project!

Get notified...

... on new releases. Subscribe to our RSS feed for LimeSurvey updates/releases:

rss RSS feed for LimeSurvey releases

Login

Who is online?

Donation Image