Latest forum posts

More Topics »

LimeSurvey Security Advisory 2009/04/29

There has been a issue uncovered with the latest LimeSurvey versions.

Type of issue:
Security issue by that an attacker get access to your LimeSurvey administration and files and can possibly change these - this allows for remote execution and data disclosure.

Affected LimeSurvey versions:
- LimeSurvey 1.80RC4, 1.80, 1.80+, 1.81, 1.81+ (all Builds) (released around January-April 2009)

Exploits in the Wild:
This issue was discoverd during a security audit by Dan Schwister (thank you Dan!). Therefore there is no exploit in the wild (yet).

Advised solution:
Update as soon as possible to the latest LimeSurvey 1.82 or later version available from http://www.limesurvey.org

Quick fix:
Remove the /admin/remotecontrol/ directory to disable the security problem.

d_b_1_1
b_g_ls_1_5

Supporters

Survey respondents needed? Book respondents from 40+ countries for your research survey.


NuSPhere PhpEd logo
NuSphere supports the LimeSurvey project!

Get notified...

... on new releases. Subscribe to our RSS feed for LimeSurvey updates/releases:

rss RSS feed for LimeSurvey releases

Login

Who is online?

None
Donation Image