WS-2023-0217 | Mend Vulnerability Database

Vulnerability DatabaseWS-2023-0217

WS-2023-0217

Published:May 15, 2026

Updated:May 15, 2026

An Improper Input Validation in limesurvey before 6.1.4 enables bypassing the conditional check that enables a user to delete himself, leading to potential misbehavior of the application.

Affected Packages

limesurvey/limesurvey (PHP):

Affected version(s) =6.0.0+230405 <dev-findfix6

Fix Suggestion:

Update to version dev-findfix6

limesurvey/limesurvey (PHP):

Affected version(s) >=3.0.1+171228 <3.28.59+230517

Fix Suggestion:

Update to version 3.28.59+230517

limesurvey/limesurvey (PHP):

Affected version(s) >=2.2.5 <dev-3.x-LTS

Fix Suggestion:

Update to version dev-3.x-LTS

limesurvey/limesurvey (PHP):

Affected version(s) >=5.0.1+210532 <5.6.23+230524

Fix Suggestion:

Update to version 5.6.23+230524

limesurvey/limesurvey (PHP):

Affected version(s) =5.0.0+210526 <dev-snyk-upgrade-2721d74513ebeb6a032896d25085b820

Fix Suggestion:

Update to version dev-snyk-upgrade-2721d74513ebeb6a032896d25085b820

limesurvey/limesurvey (PHP):

Affected version(s) >=4.0.0-RC10+191202 <dev-on-update-values-v4

Fix Suggestion:

Update to version dev-on-update-values-v4

limesurvey/limesurvey (PHP):

Affected version(s) >=6.0.1+230411 <6.1.0+230522

Fix Suggestion:

Update to version 6.1.0+230522

limesurvey/limesurvey (PHP):

Affected version(s) >=4.0.1+200120 <dev-dependabot/npm_and_yarn/assets/packages/adminsidepanel/terser-4.8.1

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/assets/packages/adminsidepanel/terser-4.8.1

Related Resources (1)

https://github.com/limesurvey/limesurvey/commit/96f20d562a469be804478cf5a8eb7a15c4b59d8c

Do you need more information?

CVSS v4

Base Score:

5.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

HIGH

User Interaction

PASSIVE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

4.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH