CVE-2018-1000053: CSRF
First published: Fri Feb 09 2018(Updated: )
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Theme Uninstallation that can result in CSRF causing LimeSurvey admins to delete all their themes, rendering the website unusable. This attack appear to be exploitable via Simple HTML markup can be used to send a GET request to the affected endpoint.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Limesurvey Limesurvey | =3.0.0-beta3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-1000053?
CVE-2018-1000053 is a Cross-Site Request Forgery (CSRF) vulnerability in LimeSurvey version 3.0.0-beta.3+17110.
How does CVE-2018-1000053 impact LimeSurvey?
CVE-2018-1000053 can result in CSRF attacks causing LimeSurvey admins to accidentally delete all their themes, rendering the website unusable.
What is the severity of CVE-2018-1000053?
CVE-2018-1000053 has a severity rating of 8.8 (high) according to CVSS v3.0.
How can LimeSurvey admins fix CVE-2018-1000053?
LimeSurvey admins should update to a patched version of LimeSurvey, such as version 3.0.0-beta.4 or later, which fixes the CSRF vulnerability.
Where can I find more information about CVE-2018-1000053?
For more information about CVE-2018-1000053, you can visit the reference link provided: https://github.com/LimeSurvey/LimeSurvey/commit/1e440208a8d8bfd71ad7802e6369a136e8bba3dd
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/limesurvey
- canonical/limesurvey limesurvey
- version/limesurvey limesurvey/3.0.0-beta3