CVE-2018-1000053
CVE-2018-1000053 is a vulnerability of currently unknown severity. LimeSurvey version 3.0.0-beta.3+17110 contains a Cross-Site Request Forgery (CSRF) vulnerability in Theme Uninstallation that can cause LimeSurvey admins to delete all their themes, rendering the website unusable. The attack appears to be exploitable via simple HTML markup that sends a GET request to the affected endpoint. EPSS estimates a 0.60% chance of exploitation in the next 30 days.
Description
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross-Site Request Forgery (CSRF) vulnerability in Theme Uninstallation that can cause LimeSurvey admins to delete all their themes, rendering the website unusable. The attack appears to be exploitable via simple HTML markup that sends a GET request to the affected endpoint.
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Limesurvey | Limesurvey | 3.0.0 | Beta3 |
References
- https://github.com/LimeSurvey/LimeSurvey/commit/1e440208a8d8bfd71ad7802e6369a136e8bba3dd (Patch, Third Party Advisory)
Timeline
- Status
- Modified
Source: NVD / NIST
