WS-2023-0414 | Mend Vulnerability Database

Vulnerability DatabaseWS-2023-0414

WS-2023-0414

Published:May 15, 2026

Updated:May 15, 2026

Deleted account still has the right to create, delete other accounts (delete surveys) in limesurvey/limesurvey

Affected Packages

limesurvey/limesurvey (PHP):

Affected version(s) =dev-fix-spss-token-length <dev-fix-tests

Fix Suggestion:

Update to version dev-fix-tests

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-master-innodb <dev-snyk-upgrade-568d6fdaf6b84a31b10bdc2cfcabbdfd

Fix Suggestion:

Update to version dev-snyk-upgrade-568d6fdaf6b84a31b10bdc2cfcabbdfd

limesurvey/limesurvey (PHP):

Affected version(s) =dev-scrutinizer-patch-3 <dev-snyk-upgrade-f2061a8270a5579306cb12524f53a6d4

Fix Suggestion:

Update to version dev-snyk-upgrade-f2061a8270a5579306cb12524f53a6d4

limesurvey/limesurvey (PHP):

Affected version(s) =dev-develop-innodb <dev-display-import-errors-master

Fix Suggestion:

Update to version dev-display-import-errors-master

limesurvey/limesurvey (PHP):

Affected version(s) =dev-survey-defaultsettings <dev-test-log-checks

Fix Suggestion:

Update to version dev-test-log-checks

limesurvey/limesurvey (PHP):

Affected version(s) =dev-inspect-31 <dev-snyk-upgrade-53b356322f333277c170a2cf3a032ba7

Fix Suggestion:

Update to version dev-snyk-upgrade-53b356322f333277c170a2cf3a032ba7

limesurvey/limesurvey (PHP):

Affected version(s) =dev-revert-14-scrutinizer-patch-1 <dev-snyk-upgrade-09b43073972851b96ebd7683ed5b21ab

Fix Suggestion:

Update to version dev-snyk-upgrade-09b43073972851b96ebd7683ed5b21ab

limesurvey/limesurvey (PHP):

Affected version(s) =dev-viewanswers <dev-snyk-upgrade-1eb5139e4072b633334be7fdb770a7d3

Fix Suggestion:

Update to version dev-snyk-upgrade-1eb5139e4072b633334be7fdb770a7d3

limesurvey/limesurvey (PHP):

Affected version(s) >=4.0.0-beta <dev-on-update-values-v4

Fix Suggestion:

Update to version dev-on-update-values-v4

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-install-command-rpc <dev-kill-travis

Fix Suggestion:

Update to version dev-kill-travis

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-em_quota <dev-fix-composer-license-format

Fix Suggestion:

Update to version dev-fix-composer-license-format

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-anonymize-tokens <dev-basic

Fix Suggestion:

Update to version dev-basic

limesurvey/limesurvey (PHP):

Affected version(s) =dev-global-settings <dev-inject-questionattributes

Fix Suggestion:

Update to version dev-inject-questionattributes

limesurvey/limesurvey (PHP):

Affected version(s) =dev-develop <dev-develop-develop

Fix Suggestion:

Update to version dev-develop-develop

limesurvey/limesurvey (PHP):

Affected version(s) =dev-fix-theme-help <dev-fix-typo

Fix Suggestion:

Update to version dev-fix-typo

limesurvey/limesurvey (PHP):

Affected version(s) >=4.0.1+200120 <4.2.0+200422

Fix Suggestion:

Update to version 4.2.0+200422

limesurvey/limesurvey (PHP):

Affected version(s) =dev-survey-activator2 <dev-dependabot/npm_and_yarn/assets/packages/adminbasics/loader-utils-2.0.3

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/assets/packages/adminbasics/loader-utils-2.0.3

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-relevance-import2 <dev-snyk-fix-a9c10ba47e88a08c83b32a913752ea82

Fix Suggestion:

Update to version dev-snyk-fix-a9c10ba47e88a08c83b32a913752ea82

limesurvey/limesurvey (PHP):

Affected version(s) =dev-fix-gitignore <dev-fix-model-relations

Fix Suggestion:

Update to version dev-fix-model-relations

limesurvey/limesurvey (PHP):

Affected version(s) =dev-tests-clieck-views1 <dev-dependabot/npm_and_yarn/assets/packages/questions/timer/loader-utils-1.4.2

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/assets/packages/questions/timer/loader-utils-1.4.2

limesurvey/limesurvey (PHP):

Affected version(s) =dev-inspect34 <dev-snyk-upgrade-3ddd041b50fb018d81e7711467a35e76

Fix Suggestion:

Update to version dev-snyk-upgrade-3ddd041b50fb018d81e7711467a35e76

limesurvey/limesurvey (PHP):

Affected version(s) >=3.0.1+171228 <3.17.8+190722

Fix Suggestion:

Update to version 3.17.8+190722

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-tests-lchtest <dev-update-testing-dependencies

Fix Suggestion:

Update to version dev-update-testing-dependencies

limesurvey/limesurvey (PHP):

Affected version(s) =dev-copy-question <dev-detached

Fix Suggestion:

Update to version dev-detached

Related Resources (1)

https://github.com/limesurvey/limesurvey/commit/a738d1444815637087b70d6902bfe4f6f3202be1

Do you need more information?

CVSS v4

Base Score:

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

HIGH

User Interaction

PASSIVE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

LOW

Vulnerable System Availability

LOW

Subsequent System Confidentiality

HIGH

Subsequent System Integrity

LOW

Subsequent System Availability

LOW

CVSS v3

Base Score:

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

LOW