View Issue Details

IDProjectCategoryView StatusLast Update
14609Bug reports[All Projects] Import/Exportpublic2019-04-02 16:41
ReporterrealitixAssigned Toollehar 
PrioritynoneSeveritymajor 
Status closedResolutionfixed 
Product Version3.15.x 
Target VersionFixed in Version3.17.x 
Summary14609: [SECURITY] Prevent SID of 0 during import
Description

Hello,

When you import a survey, if the sid is 0, it will crash all the application.
Indeed, an attacker can manually set the sid to 0 in the .lss file.

The import works but then the application will crash at several places and the survey is impossible to delete.
Warning, if you try to reproduce this bug, you will need to delete the survey in database.

I'm sending the pull request that fixes it.

Steps To Reproduce
  1. Create a new survey by importing the joined .lss file
  2. Try to delete it
TagsNo tags attached.
Complete LimeSurvey version number (& build)master 3.15.9
I will donate to the project if issue is resolvedNo
Browser
Database & DB-Version0
Server OS (if known)
Webserver software & version (if known)
PHP Version0

Activities

realitix

realitix

2019-03-06 12:34

reporter  

limesurvey_survey_947165.lss (12,850 bytes)
realitix

realitix

2019-03-06 12:36

reporter   ~50791

Here the pull request: https://github.com/LimeSurvey/LimeSurvey/pull/1240

Issue History

Date Modified Username Field Change
2019-03-06 12:34 realitix New Issue
2019-03-06 12:34 realitix File Added: limesurvey_survey_947165.lss
2019-03-06 12:36 realitix Note Added: 50791
2019-04-02 16:41 ollehar Assigned To => ollehar
2019-04-02 16:41 ollehar Status new => closed
2019-04-02 16:41 ollehar Resolution open => fixed
2019-04-02 16:41 ollehar Fixed in Version => 3.17.x