CVE-2024-6933

Description

A flaw has been found in LimeSurvey 6.5.14-240624. Affected by this issue is the function actionUpdateSurveyLocaleSettingsGeneralSettings of the file /index.php?r=admin/database/index/updatesurveylocalesettings_generalsettings of the component Survey General Settings Handler. This manipulation of the argument Language causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to version 6.6.2+240827 can resolve this issue. Patch name: d656d2c7980b7642560977f4780e64533a68e13d. You should upgrade the affected component.

PUBLISHED Reserved 2024-07-20 | Published 2024-07-21 | Updated 2025-12-09 | Assigner VulDB

Problem types

SQL Injection

Injection

Timeline

Credits

jiashenghe (VulDB User) reporter

Deckard (VulDB User) analyst

References

vuldb.com/?id.271988 (VDB-271988 | LimeSurvey Survey General Settings actionUpdateSurveyLocaleSettingsGeneralSettings sql injection) vdb-entry technical-description

vuldb.com/?ctiid.271988 (VDB-271988 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.372007 (Submit #372007 | LimeSurvey 6.5.14-240624 SQL Injection) third-party-advisory

github.com/Hebing123/cve/issues/55 exploit issue-tracking

vuldb.com/?id.271988 (VDB-271988 | LimeSurvey Survey General Settings updatesurveylocalesettings_generalsettings actionUpdateSurveyLocaleSettingsGeneralSettings sql injection) vdb-entry technical-description

vuldb.com/?ctiid.271988 (VDB-271988 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.372007 (Submit #372007 | LimeSurvey 6.5.14-240624 SQL Injection) third-party-advisory

github.com/Hebing123/cve/issues/55 exploit issue-tracking

github.com/...ommit/d656d2c7980b7642560977f4780e64533a68e13d patch

community.limesurvey.org/downloads/ patch

cve.org (CVE-2024-6933)

nvd.nist.gov (CVE-2024-6933)