VYPR
Critical severity9.1OSV Advisory· Published Feb 28, 2018· Updated Jun 17, 2026

CVE-2018-7556

CVE-2018-7556

Description

LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file.

Affected products

2
  • Limesurvey/LimesurveyOSV2 versions
    1.45a, 1.45a_2007-02-24, 1.50_2007-08-06, …+ 1 more
    • (no CPE)range: 1.45a, 1.45a_2007-02-24, 1.50_2007-08-06, …
    • (no CPE)range: <2.6.7, <2.73.1, <3.4.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.