CSV Injection Vulnerability in Limesurvey before 3.17.14 Allows Command Injection via Survey Responses

CSV Injection Vulnerability in Limesurvey before 3.17.14 Allows Command Injection via Survey Responses

CVE-2019-16184 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file.

Learn more about our Web Application Penetration Testing UK.