How secure is LimeSurvey? Injection attacks | File inclusion | Security

4 years 8 months ago #85212 by Mike1985
Mike1985 created the topic: How secure is LimeSurvey? Injection attacks | File inclusion | Security
How secure is LimeSurvey with regard to SQL injection attacks etc.? I found this online:

http://cxsecurity.com/issue/WLB-2012070061

It looks like the $homedir has not been checked in this case. Something similar here:

http://bot24.blogspot.co.uk/2012/06/limesurvey-192-build120620-multiple.html#!/2012/06/limesurvey-192-build120620-multiple.html

I've checked the bug tracker but can't find any mention of these. They're relevant to the latest release.

Are there any other security issues out there we should be aware of?

Thanks

Mike

4 years 8 months ago #85213 by mdekker
mdekker replied the topic: How secure is LimeSurvey? Injection attacks | File inclusion | Security
Please report these issues in our Bugtracker so one of the developers can take care of it.

---
Menno Dekker

4 years 8 months ago #85215 by Mike1985
Mike1985 replied the topic: How secure is LimeSurvey? Injection attacks | File inclusion | Security
I've managed to trace that first issue back and it seems it is secure.

That second one though... I don't even know what it does, so I'm reluctant to open a Bugtracker.
