Lime Survey <= 6.5.12 is vulnerable to Cross Site Request...
High severity
Unreviewed
Published
Jul 9, 2024
to the GitHub Advisory Database
•
Updated Aug 1, 2024
Description
Published by the National Vulnerability Database
Jul 9, 2024
Published to the GitHub Advisory Database
Jul 9, 2024
Last updated
Aug 1, 2024
Lime Survey <= 6.5.12 is vulnerable to Cross Site Request Forgery (CSRF). The YII_CSRF_TOKEN is only checked when passed in the body of POST requests, but the same check isn't performed in the equivalent GET requests.
References