How secure is LimeSurvey? Injection attacks | File inclusion | Security

4 years 4 months ago #85212 by Mike1985
How secure is LimeSurvey with regard to SQL injection attacks etc.? I found this online:

http://cxsecurity.com/issue/WLB-2012070061

It looks like the $homedir has not been checked in this case. Something similar here:

http://bot24.blogspot.co.uk/2012/06/limesurvey-192-build120620-multiple.html#!/2012/06/limesurvey-192-build120620-multiple.html

I've checked the bug tracker but can't find any mention of these. They're relevant to the latest release.

Are there any other security issues out there we should be aware of?

Thanks

Mike

4 years 4 months ago #85213 by mdekker
Please report these issues in our bugtracker so one of the developers can take care of it.

---
Menno Dekker

4 years 4 months ago #85215 by Mike1985
I've managed to trace that first issue back and it seems it is secure.

That second one, though... I don't even know what it does, so I'm reluctant to open a bugtracker.
