View Issue Details

This bug affects 1 person(s).
 256
IDProjectCategoryView StatusLast Update
06544Bug reportsSecuritypublic2012-09-09 15:34
Reporteruser21570Assigned Tojcleeland  
PrioritynormalSeveritypartial_block 
Status closedResolutionfixed 
Product Version1.92+ 
Fixed in Version1.92+ 
Summary06544: SQL injection in activate_functions.php - parameter "fixnumbering"
Description

The parameter fixnumbering doesn't seem to be used in the normal
activation process but gets processed by the function "fixNumbering".

File: $LIMESURVEY/admin/activate_functions.php
Line: 30, 35
Request: http://limesurvey/admin/admin.php?action=activate&sid=123&fixnumbering=1 OR 1=1

Steps To Reproduce
Additional Information

Discovered by Markus Piéton (it.sec GmbH & Co. KG)

TagsNo tags attached.
Attached Files
Bug heat256
Complete LimeSurvey version number (& build)120822
I will donate to the project if issue is resolvedNo
Browser
Database type & versionMySQL
Server OS (if known)Linux
Webserver software & version (if known)Apache
PHP VersionPHP/5.3.3

Users monitoring this issue

c_schmitz

Activities

Mazi

Mazi

2012-09-06 15:22

updater   ~20630

Hi Jason,
I'm assigning some bug reports about some possible vulnerabilities to you because Carsten is on Holiday and will not return before Saturday (and will probably need 3-4 days to clean up his email inbox).

Maybe you can have a look and fix it or add a comment and assign it to Carsten if he should have a look later.

jcleeland

jcleeland

2012-09-08 02:47

reporter   ~20645

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=9453

Related Changesets

LimeSurvey: master d590d200

2012-09-07 19:46

jcleeland


Details Diff
Fixed issue 06544: SQL injection in activate_functions.php - parameter "fixnumbering" Affected Issues
06544
mod - admin/activate_functions.php Diff File

Issue History

Date Modified Username Field Change
2012-09-04 19:00 user21570 New Issue
2012-09-04 19:00 user21570 File Added: sql-injection-fixnumbering.pdf
2012-09-06 15:22 Mazi Issue Monitored: c_schmitz
2012-09-06 15:22 Mazi Assigned To => jcleeland
2012-09-06 15:22 Mazi Status new => assigned
2012-09-06 15:22 Mazi Note Added: 20630
2012-09-08 02:47 jcleeland Changeset attached => LimeSurvey master d590d200
2012-09-08 02:47 jcleeland Note Added: 20645
2012-09-08 02:47 jcleeland Resolution open => fixed
2012-09-08 02:47 jcleeland Status assigned => resolved
2012-09-08 02:47 jcleeland Fixed in Version => 1.92+
2012-09-09 15:34 c_schmitz Status resolved => closed
2021-08-02 19:52 guest Bug heat 254 => 256