WS-2023-0128
Good to know:
Date: April 17, 2023
In LimeSurvey prior to 5.6.16, the admin email and password can be changed without validating the current password, for example if the admin forgot to log out or lock their computer in a public place.
Language: PHP
Severity Score
Weakness Type (CWE)
Unverified Password Change
CWE-620
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | HIGH |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | LOW |
Availability (A): | LOW |