LimeSurvey security advisory 9/4/2009
There has been a issue uncovered with an older LimeSurvey version, namely Version 1.71+.
Type of issue:
A version of FCKeditor (namely 2.6.2) which was used at the time inside the LimeSurvey software appears to have a security issue by that an attacker get access to your files and change these.
Affected LimeSurvey versions:
- LimeSurvey 1.71+ in the range of Build 5245 to 5496 (released around March-April 2008)
Exploits in the Wild:
Unspecified exploit does exist - please refer to this forum topic for further details
Advised solution:
Update to the latest LimeSurvey 1.80+ or later version available from http://www.limesurvey.org
Recommendations:
Check other PHP files on the same webspace for infections of the same kind.