LimeSurvey security advisory 9/4/2009

Written on 10 April 2009. Posted in Security.

There has been a issue uncovered with an older LimeSurvey version, namely Version 1.71+.

Type of issue:
A version of FCKeditor (namely 2.6.2) which was used at the time inside the LimeSurvey software appears to have a security issue by that an attacker get access to your files and change these.

Affected LimeSurvey versions:
- LimeSurvey 1.71+ in the range of Build 5245 to 5496 (released around March-April 2008)

Exploits in the Wild:
Unspecified exploit does exist - please refer to this forum topic for further details

Advised solution:
Update to the latest LimeSurvey 1.80+ or later version available from http://www.limesurvey.org

Recommendations:
Check other PHP files on the same webspace for infections of the same kind.