LimeSurvey Security Advisory 2009/04/29
An issue has been uncovered in the latest LimeSurvey versions.
Type of issue:
A security issue through which an attacker can gain access to your LimeSurvey administration and files and can possibly change them. This allows for remote execution and data disclosure.
Affected LimeSurvey versions:
- LimeSurvey 1.80RC4, 1.80, 1.80+, 1.81, 1.81+ (all Builds) (released around January-April 2009)
Exploits in the Wild:
This issue was discovered during a security audit by Dan Schwister (thank you Dan!). Therefore there is no exploit in the wild (yet).
Update as soon as possible to LimeSurvey 1.82 or a later version, available from http://www.limesurvey.org
Remove the /admin/remotecontrol/ directory to disable the security problem.