LimeSurvey Security Advisory 2009/04/29
Wednesday, 29 April 2009

An issue has been uncovered in the latest LimeSurvey versions.

Type of issue:
A security issue through which an attacker can gain access to your LimeSurvey administration and files and can possibly change them. This allows for remote execution and data disclosure.

Affected LimeSurvey versions:
- LimeSurvey 1.80RC4, 1.80, 1.80+, 1.81, 1.81+ (all Builds) (released around January-April 2009)

Exploits in the Wild:
This issue was discovered during a security audit by Dan Schwister (thank you Dan!). Therefore there is no exploit in the wild (yet).

Advised solution:
Update as soon as possible to LimeSurvey 1.82 or a later version, available from http://www.limesurvey.org

Quick fix:
Remove the /admin/remotecontrol/ directory to disable the security problem.
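
A way to check that the quick fix is in place across a web root, as an added example (not code from this advisory or from the LimeSurvey project): it lists any remaining /admin/remotecontrol/ directories and moves them to a quarantine directory outside the web root. The function names and the web-root and quarantine paths are assumptions of this example.

```sh
#!/bin/sh
# Added example, not LimeSurvey project code. The web root and quarantine paths
# are supplied by the caller; only /admin/remotecontrol comes from the advisory.

# Print every directory below $1 whose path ends in /admin/remotecontrol.
list_remotecontrol() {
    find "$1" -type d -path '*/admin/remotecontrol' -prune -print
}

# Print how many such directories remain below $1 (0 means the quick fix is applied).
count_remotecontrol() {
    list_remotecontrol "$1" | wc -l | tr -d ' '
}

# Move each match from web root $1 into quarantine directory $2 and print the
# number moved. Moving instead of deleting is this example's choice, so the
# removed files stay available for review. Paths containing newlines are not handled.
quarantine_remotecontrol() {
    webroot=${1%/}
    dest=${2%/}
    # Refuse a quarantine inside the web root: the code would stay reachable.
    case "$dest/" in
        "$webroot"/*) echo "quarantine must be outside the web root" >&2
                      return 2 ;;
    esac
    mkdir -p "$dest" || return 1
    chmod 700 "$dest" || return 1
    # found.list doubles as a record of the original locations.
    list_remotecontrol "$webroot" > "$dest/found.list" || return 1
    moved=0
    while IFS= read -r dir; do
        name=$(printf '%s' "$dir" | tr '/' '_')
        if [ -e "$dest/$name" ]; then
            echo "skipped (already quarantined): $dir" >&2
            continue
        fi
        mv "$dir" "$dest/$name" || return 1
        moved=$((moved + 1))
    done < "$dest/found.list"
    echo "$moved"
}
```

Run count_remotecontrol against the web root first to see what would be affected; a result of 0 after quarantine_remotecontrol confirms that no copy of the directory is left under that root.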

Last Updated ( Thursday, 30 April 2009 )
 