XML Injection Vulnerability in Limesurvey before 3.17.14 Allows Remote Code Execution and Data Compromise

XML Injection Vulnerability in Limesurvey before 3.17.14 Allows Remote Code Execution and Data Compromise

CVE-2019-16174 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity.

Learn more about our Web Application Penetration Testing UK.