Test ID:	1.3.6.1.4.1.25623.1.0.106064
Category:	Web application abuses
Title:	LimeSurvey 2.05x < 2.06+ Multiple Vulnerabilities
Summary:	LimeSurvey is prone to multiple vulnerabilities
Description:	Summary: LimeSurvey is prone to multiple vulnerabilities Vulnerability Insight: The following vulnerabilities exist: - Unauthenticated local file disclosure An attacker can craft a malicious PHP serialized string containing a list of arbitrary files. This list can be sent to the Lime Survey backup feature for downloading without prior authentication. Any files accessible with the privileges of the web server user can be downloaded. - Unauthenticated database dump An attacker can request the database backup feature without authentication. The whole Lime Survey database can be downloaded including username and hashed password of the administrator account. - Unauthenticated arbitrary remote code execution An attacker can inject arbitrary PHP code into the application source code allowing to plant a malicious web backdoor to access underlying web server. - Multiple reflective cross-site scripting The application is prone to multiple reflective cross-site scripting vulnerabilities. Vulnerability Impact: The impact ranges from unauthenticated file disclosure until remote code execution. Affected Software/OS: LimeSurvey version 2.05 to 2.06+ Build 151014 Solution: Update to LimeSurvey 2.06+ Build 151016 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.