Home > Vulnerability Database > WS-2023-0128

Mend.io Vulnerability Database

WS-2023-0128

Good to know:

Date: April 17, 2023

In limesurvey prior to 5.6.16 it is possible to change admin email and password without current password validation if they forgot to logout or lock their computer in public places.

Language: PHP

Severity Score

5.7

Related Resources (2)

Url: https://github.com/limesurvey/limesurvey/commit/10d55130d486ae94caf6e4bb6b465a7c5b20b376

Url: https://www.mend.io/vulnerability-database/WS-2023-0128

Severity Score

5.7

Weakness Type (CWE)

Unverified Password Change

CWE-620

Top Fix

Upgrade Version

Upgrade to version 5.6.16+230418

Learn More

CVSS v3.1

Base Score:	5.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

WS-2023-0128

Good to know:

Date: April 17, 2023

Language: PHP

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?