CVE-2024-6933

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-6933

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6933.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-6933

Published

2024-07-21T01:15:10.040Z

Modified

2026-04-02T12:26:16.447273Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw has been found in LimeSurvey 6.5.14-240624. Affected by this issue is the function actionUpdateSurveyLocaleSettingsGeneralSettings of the file /index.php?r=admin/database/index/updatesurveylocalesettings_generalsettings of the component Survey General Settings Handler. This manipulation of the argument Language causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to version 6.6.2+240827 can resolve this issue. Patch name: d656d2c7980b7642560977f4780e64533a68e13d. You should upgrade the affected component.

References

Affected packages

Git / github.com/limesurvey/limesurvey

Affected ranges

Type

GIT

Repo

https://github.com/limesurvey/limesurvey

Events

Introduced

ac3c44744e2c3769b3941c41e50b68419423ce67

Fixed

6e875ef208606d963208b1fde4e99d875a73d73b

Fixed

d656d2c7980b7642560977f4780e64533a68e13d

Database specific

{
    "versions": [
        {
            "introduced": "6.5.14"
        },
        {
            "fixed": "6.6.2"
        }
    ]
}

Affected versions

6.*

6.5.14+240624

6.5.15+240701

6.5.16+240708

6.5.17+240715

6.5.18+240723

6.6.0+240729

6.6.1+240806

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6933.json"