WS-2023-0128
Published:May 15, 2026
Updated:May 15, 2026
In limesurvey prior to 5.6.16 it is possible to change admin email and password without current password validation if they forgot to logout or lock their computer in public places.
Affected Packages
limesurvey/limesurvey (PHP):
Affected version(s) >=4.0.0-RC10+191202 <dev-on-update-values-v4Fix Suggestion:
Update to version dev-on-update-values-v4limesurvey/limesurvey (PHP):
Affected version(s) =5.0.0+210526 <dev-snyk-upgrade-2721d74513ebeb6a032896d25085b820Fix Suggestion:
Update to version dev-snyk-upgrade-2721d74513ebeb6a032896d25085b820limesurvey/limesurvey (PHP):
Affected version(s) >=2.2.5 <dev-3.x-LTSFix Suggestion:
Update to version dev-3.x-LTSlimesurvey/limesurvey (PHP):
Affected version(s) >=3.0.1+171228 <3.28.56+230404Fix Suggestion:
Update to version 3.28.56+230404limesurvey/limesurvey (PHP):
Affected version(s) >=5.0.1+210532 <5.6.15+230412Fix Suggestion:
Update to version 5.6.15+230412limesurvey/limesurvey (PHP):
Affected version(s) >=4.0.1+200120 <dev-dependabot/npm_and_yarn/assets/packages/adminsidepanel/terser-4.8.1Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/assets/packages/adminsidepanel/terser-4.8.1Related Resources (1)
Do you need more information?
Contact UsCVSS v4
Base Score:
6.9
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
HIGH
User Interaction
PASSIVE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
LOW