Home > Vulnerability Database > WS-2023-0426

Mend.io Vulnerability Database

WS-2023-0426

Good to know:

Date: November 7, 2023

Email Sending Abuse in limesurvey before 6.3.3+231106: Users may abuse email sending permissions to send spam or unwanted emails to all group members. This can lead to overload on the email system and waste the recipient's time dealing with irrelevant emails.

Language: PHP

Severity Score

7.4

Related Resources (2)

Url: https://github.com/limesurvey/limesurvey/commit/cdcf12b8870a9c8bfcaaa579ef22e425802e101f

Url: https://www.mend.io/vulnerability-database/WS-2023-0426

Severity Score

7.4

Weakness Type (CWE)

Improper Handling of Insufficient Privileges

CWE-274

Top Fix

Upgrade Version

Upgrade to version 6.3.3+231106

Learn More

CVSS v3.1

Base Score:	7.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

WS-2023-0426

Good to know:

Date: November 7, 2023

Language: PHP

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?