ID de Prueba:	1.3.6.1.4.1.25623.1.0.106064
Categoría:	Web application abuses
Título:	LimeSurvey 2.05x < 2.06+ Multiple Vulnerabilities
Resumen:	LimeSurvey is prone to multiple vulnerabilities
Descripción:	Summary: LimeSurvey is prone to multiple vulnerabilities Vulnerability Insight: The following vulnerabilities exist: - Unauthenticated local file disclosure An attacker can craft a malicious PHP serialized string containing a list of arbitrary files. This list can be sent to the Lime Survey backup feature for downloading without prior authentication. Any files accessible with the privileges of the web server user can be downloaded. - Unauthenticated database dump An attacker can request the database backup feature without authentication. The whole Lime Survey database can be downloaded including username and hashed password of the administrator account. - Unauthenticated arbitrary remote code execution An attacker can inject arbitrary PHP code into the application source code allowing to plant a malicious web backdoor to access underlying web server. - Multiple reflective cross-site scripting The application is prone to multiple reflective cross-site scripting vulnerabilities. Vulnerability Impact: The impact ranges from unauthenticated file disclosure until remote code execution. Affected Software/OS: LimeSurvey version 2.05 to 2.06+ Build 151014 Solution: Update to LimeSurvey 2.06+ Build 151016 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.