LimeSurvey Security Advisory 2014/09

In LimeSurvey there existed a vulnerability (CVE-2014-6227) that allows an attacker to gain superadministrator access to the LimeSurvey application. This issue affects all 2.00 versions and all 2.05 versions before build 140821. All newer builds of 2.05 (starting with build 140821) are not affected.

Although there is currently no known exploit in the wild we strongly recommend to update all older versions to the latest LimeSurvey version immediately. After update you should check for unknown administrator accounts in LimeSurvey.

Note: If you are a LimeService user you don't need to worry as we make sure (before anything else) that LimeService always uses the latest build/security patches.

Copyright © 2006- LimeSurvey GmbH