LimeSurvey Security Advisory 2009/04/29
Wednesday, 29 April 2009
An issue has been uncovered in the latest LimeSurvey versions.
Type of issue:
A security issue through which an attacker can gain access to your LimeSurvey administration and files and possibly change them. This allows for remote execution and data disclosure.
Affected LimeSurvey versions:
- LimeSurvey 1.80RC4, 1.80, 1.80+, 1.81, 1.81+ (all Builds) (released around January-April 2009)
Exploits in the Wild:
This issue was discovered during a security audit by Dan Schwister (thank you Dan!). Therefore there is no exploit in the wild (yet).
Advised solution:
Update as soon as possible to the latest LimeSurvey 1.82 or later version available from http://www.limesurvey.org
Quick fix:
Remove the /admin/remotecontrol/ directory to mitigate the security problem.
Last Updated ( Thursday, 30 April 2009 )