WS-2023-0242 | Mend Vulnerability Database

Vulnerability DatabaseWS-2023-0242

WS-2023-0242

Published:May 15, 2026

Updated:May 15, 2026

IDOR in notification function in limesurvey/limesurvey

Affected Packages

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-em_quota <dev-fix-composer-license-format

Fix Suggestion:

Update to version dev-fix-composer-license-format

limesurvey/limesurvey (PHP):

Affected version(s) >=2.65.6+170615 <3.0.0+171222

Fix Suggestion:

Update to version 3.0.0+171222

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-new-scrutinizer <dev-scrutinizer-exclude-paths

Fix Suggestion:

Update to version dev-scrutinizer-exclude-paths

limesurvey/limesurvey (PHP):

Affected version(s) =dev-viewanswers <dev-snyk-upgrade-1eb5139e4072b633334be7fdb770a7d3

Fix Suggestion:

Update to version dev-snyk-upgrade-1eb5139e4072b633334be7fdb770a7d3

limesurvey/limesurvey (PHP):

Affected version(s) >=4.0.0-RC2+190723 <4.0.0-RC4+190930

Fix Suggestion:

Update to version 4.0.0-RC4+190930

limesurvey/limesurvey (PHP):

Affected version(s) =dev-develop-innodb <dev-display-import-errors-master

Fix Suggestion:

Update to version dev-display-import-errors-master

limesurvey/limesurvey (PHP):

Affected version(s) =dev-fix-gitignore <dev-fix-model-relations

Fix Suggestion:

Update to version dev-fix-model-relations

limesurvey/limesurvey (PHP):

Affected version(s) =dev-dev-clean-survey-model <dev-dev-feature-api-add-quota-completeCount

Fix Suggestion:

Update to version dev-dev-feature-api-add-quota-completeCount

limesurvey/limesurvey (PHP):

Affected version(s) =4.0.0-beta <4.0.0+200116

Fix Suggestion:

Update to version 4.0.0+200116

limesurvey/limesurvey (PHP):

Affected version(s) =dev-sid-spaces <dev-snyk-upgrade-568d6fdaf6b84a31b10bdc2cfcabbdfd

Fix Suggestion:

Update to version dev-snyk-upgrade-568d6fdaf6b84a31b10bdc2cfcabbdfd

limesurvey/limesurvey (PHP):

Affected version(s) =dev-survey-defaultsettings <dev-test-log-checks

Fix Suggestion:

Update to version dev-test-log-checks

limesurvey/limesurvey (PHP):

Affected version(s) >=3.0.2+180110 <3.17.14+190902

Fix Suggestion:

Update to version 3.17.14+190902

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-booleans1 <dev-scrutinizer-patch-1

Fix Suggestion:

Update to version dev-scrutinizer-patch-1

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-anonymize-tokens <dev-basic

Fix Suggestion:

Update to version dev-basic

limesurvey/limesurvey (PHP):

Affected version(s) =dev-scrutinizer-patch-3 <dev-snyk-upgrade-f2061a8270a5579306cb12524f53a6d4

Fix Suggestion:

Update to version dev-snyk-upgrade-f2061a8270a5579306cb12524f53a6d4

limesurvey/limesurvey (PHP):

Affected version(s) =dev-global-settings <dev-inject-questionattributes

Fix Suggestion:

Update to version dev-inject-questionattributes

limesurvey/limesurvey (PHP):

Affected version(s) =dev-relevance-import2 <dev-scrutinizer-patch-2

Fix Suggestion:

Update to version dev-scrutinizer-patch-2

limesurvey/limesurvey (PHP):

Affected version(s) =dev-copy-question <dev-detached

Fix Suggestion:

Update to version dev-detached

limesurvey/limesurvey (PHP):

Affected version(s) =dev-survey-activator2 <dev-dependabot/npm_and_yarn/assets/packages/adminbasics/loader-utils-2.0.3

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/assets/packages/adminbasics/loader-utils-2.0.3

limesurvey/limesurvey (PHP):

Affected version(s) =dev-install-command-rpc <dev-json-data

Fix Suggestion:

Update to version dev-json-data

limesurvey/limesurvey (PHP):

Affected version(s) =dev-develop <dev-develop-develop

Fix Suggestion:

Update to version dev-develop-develop

limesurvey/limesurvey (PHP):

Affected version(s) =dev-revert-14-scrutinizer-patch-1 <dev-snyk-upgrade-09b43073972851b96ebd7683ed5b21ab

Fix Suggestion:

Update to version dev-snyk-upgrade-09b43073972851b96ebd7683ed5b21ab

limesurvey/limesurvey (PHP):

Affected version(s) =dev-inspect34 <dev-snyk-upgrade-3ddd041b50fb018d81e7711467a35e76

Fix Suggestion:

Update to version dev-snyk-upgrade-3ddd041b50fb018d81e7711467a35e76

limesurvey/limesurvey (PHP):

Affected version(s) =2018012401.x-dev <dev-activator

Fix Suggestion:

Update to version dev-activator

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-tests-lchtest <dev-travis-postgre

Fix Suggestion:

Update to version dev-travis-postgre

Related Resources (1)

https://github.com/limesurvey/limesurvey/commit/97859da0790abca49e66cd84d7f1555bc3c6eb13

Do you need more information?

CVSS v4

Base Score:

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE