CVE-2019-16174

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-16174

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-16174.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-16174

Published

2019-09-09T21:15:11.153Z

Modified

2025-11-14T09:20:30.902601Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity.

References

Affected packages

Git / github.com/limesurvey/limesurvey

Affected ranges

Type: GIT
Repo: https://github.com/limesurvey/limesurvey
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5870fd1037058bc4e43cccf893b576c72293371e

Affected versions

1.*

1.45a

1.45a_2007-02-24

1.50_2007-08-06

1.53_2007-11-01

1.70_2008-02-25

1.70_plus_2008-03-09

1.70_plus_2008-03-16

1.70_plus_2008-03-17

1.70_plus_2008-03-30

1.70_plus_2008-04-07

1.70_plus_2008-04-14

1.70_plus_2008-04-21

1.70_plus_2008-04-28

1.70_plus_2008-05-05

1.70_plus_2008-05-12

1.70_plus_2008-05-19

1.70_plus_2008-05-21

1.70_plus_2008-05-26

1.71_plus_2008-06-12

1.71_plus_2008-06-17

1.71_plus_2008-06-30

1.71_plus_2008-07-07

1.71_plus_2008-07-15

1.71_plus_2008-07-30

1.71_plus_2008-08-05

1.71_plus_2008-08-15

1.71_plus_2008-08-27

1.71_plus_2008-09-01

1.71_plus_2008-09-08

1.71_plus_2008-09-15

1.71_plus_2008-09-22

1.71_plus_2008-09-29

1.72_2008-10-07

1.80_2009-03-09

1.80_plus_2009-03-23

1.80_plus_2009-03-30

1.80_plus_2009-04-06

1.81_2009-04-10

1.81_plus_2009-04-16

1.81_plus_2009-04-20

1.82_2009-04-29

1.82_plus_2009-05-04

1.82_plus_2009-05-11

1.85_2009-06-15

1.85_plus_2009-06-22

1.85_plus_2009-06-29

1.85_plus_2009-07-08

1.85_plus_2009-07-20

1.85_plus_2009-08-03

1.85_plus_2009-08-10

1.85_plus_2009-08-12

1.85_plus_2009-08-19

1.85_plus_2009-08-24

1.85_plus_2009-08-31

1.85_plus_2009-09-07

1.85_plus_2009-09-15

1.85_plus_2009-09-21

1.85_plus_2009-09-28

1.86_2009-09-30

1.87_2009-12-29

1.87_plus_2010-01-05

1.87_plus_2010-01-12

1.87_plus_2010-01-19

1.87_plus_2010-01-26

1.87_plus_2010-02-02

1.87_plus_2010-02-09

1.87_plus_2010-02-11

1.87_plus_2010-02-16

1.87_plus_2010-02-23

1.87_plus_2010-03-02

1.87_plus_2010-03-09

1.87_plus_2010-03-18

1.87_plus_2010-03-23

1.90_plus_2010-08-10

1.90_plus_2010-08-17

1.90_plus_2010-08-24

1.90_plus_2010-09-07

1.90_plus_2010-09-14

1.90_plus_2010-09-29

1.90_plus_2010-10-05

1.90_plus_2010-10-12

1.90_plus_2010-10-13

1.90_plus_2010-10-19

1.90_plus_2010-10-20

1.90_plus_2010-10-23

1.90_plus_2010-10-26

1.90_plus_2010-11-03

1.90_plus_2010-11-09

1.90_plus_2010-11-16

1.90_plus_2010-11-23

1.90_plus_2010-11-30

1.90_plus_2010-12-07

1.90_plus_2010-12-14

1.90_plus_2011-01-25

1.91RC3

1.91_2011-05-03

1.91_plus_10232

1.91_plus_10315

1.91_plus_2011-05-10

1.91_plus_2011-05-12

1.91_plus_2011-05-17

1.91_plus_2011-05-25

1.91_plus_2011-06-01

1.91_plus_2011-06-05

1.91_plus_2011-06-08

1.91_plus_2011-06-15

1.91_plus_2011-06-21

1.91_plus_2011-06-29

1.91_plus_2011-07-08

1.91_plus_2011-07-11

1.91_plus_2011-07-12

1.91_plus_2011-07-22

1.91_plus_2011-07-28

1.91_plus_2011-08-03

1.91_plus_2011-08-05

1.91_plus_2011-08-10

1.91_plus_2011-08-11

1.91_plus_2011-08-16

1.91_plus_2011-08-26

1.91_plus_2011-09-06

1.91_plus_2011-09-20

1.91_plus_2011-09-21

1.91_plus_2011-10-05

1.91_plus_2011-10-14

1.91_plus_2011-10-20

1.91_plus_2011-10-21

1.91_plus_2011-11-08

1.91_plus_2011-11-16

1.91_plus_2011-12-30

1.91_plus_2012-01-23

1.91_plus_2012-02-05

1.91_plus_2012-02-09

1.91_plus_2012-02-24

1.91_plus_2012-03-02

1.92RC1

1.92RC2

1.92RC3

1.92RC4

1.92RC5

1.92_120303

1.92_plus_120311

1.92_plus_120314

1.92_plus_120319

1.92_plus_120323

1.92_plus_120325

1.92_plus_120330

1.92_plus_120405

1.92_plus_120412

1.92_plus_120418

1.92_plus_120425

1.92_plus_120501

1.92_plus_120509

1.92_plus_120516

1.92_plus_120517

1.92_plus_120526

1.92_plus_120529

1.92_plus_120530

1.92_plus_120607

1.92_plus_120608

1.92_plus_120613

1.92_plus_120620

1.92_plus_120623

1.92_plus_120704

1.92_plus_120711

1.92_plus_120718

1.92_plus_120725

1.92_plus_120801

1.92_plus_120815

1.92_plus_120822

1.92_plus_120909

1.92_plus_120919

2.*

2.00RC1_120510

2.00RC2_120528

2.00RC2_1205621

2.00RC3_1205621

2.00RC4_1205622

2.00RC5_120719

2.00RC7_120721

2.00RC8_120803

2.00RC9_120816

2.00_120920

2.00_120926

2.00_plus_120924

2.00_plus_120926

2.00_plus_120930

2.00_plus_120931

2.00_plus_121002

2.00_plus_121005

2.00_plus_121006

2.00_plus_121009

2.00_plus_121011

2.00_plus_121013

2.00_plus_121014

2.00_plus_121016

2.00_plus_121017

2.00_plus_121019

2.00_plus_121024

2.00_plus_121025

2.00_plus_121030

2.00_plus_121031

2.00_plus_121101

2.00_plus_121102

2.00_plus_121104

2.00_plus_121106

2.00_plus_121113

2.00_plus_121114

2.00_plus_121115

2.00_plus_121116

2.00_plus_121117

2.00_plus_121120

2.00_plus_121121

2.00_plus_121127

2.00_plus_121204

2.00_plus_121207

2.00_plus_121208

2.00_plus_121209

2.00_plus_121211

2.00_plus_121213

2.00_plus_121220

2.00_plus_121231

2.00_plus_130103

2.00_plus_130108

2.00_plus_130110

2.00_plus_130115

2.00_plus_130116

2.00_plus_130122

2.00_plus_130129

2.00_plus_130206

2.00_plus_130213

2.00_plus_130219

2.00_plus_130226

2.00_plus_130305

2.00_plus_130311

2.00_plus_130317

2.00_plus_130325

2.00_plus_130406

2.00_plus_130423

2.00_plus_130428

2.00_plus_130513

2.00_plus_130514

2.00_plus_130526

2.00_plus_130611

2.00_plus_130708

2.00_plus_130802

2.00_plus_130913

2.00_plus_130923

2.00_plus_130929

2.00_plus_131009

2.00_plus_131022

2.00_plus_131031

2.00_plus_131107

2.00_plus_131122

2.00_plus_131202

2.00_plus_131206

2.00a2_120312

2.00a3_120315

2.00b1_120406

2.05RC1_130924

2.05RC2

2.05RC3_131023

2.05RC4_131024

2.05RC5_131030

2.05RC6_131105

2.05_131209

2.05_beta_1

2.05_beta_2

2.05_beta_3

2.05_beta_4

2.05_beta_5

2.05_beta_6

2.05_plus_131219

2.05_plus_140109

2.05_plus_140116

2.05_plus_140125

2.05_plus_140131

2.05_plus_140204

2.05_plus_140212

2.05_plus_140216

2.05_plus_140217

2.05_plus_140226

2.05_plus_140302

2.05_plus_140317

2.05_plus_140320

2.05_plus_140404

2.05_plus_140414

2.05_plus_140422

2.05_plus_140502

2.05_plus_140520

2.05_plus_140611

2.05_plus_140612

2.05_plus_140618

2.05_plus_140703

2.05_plus_140717

2.05_plus_140730

2.05_plus_140811

2.05_plus_140902

2.05_plus_140911

2.05_plus_140915

2.05_plus_141003

2.05_plus_141020

2.05_plus_141109

2.05_plus_141110

2.05_plus_141113

2.05_plus_141123

2.05_plus_141126

2.05_plus_141210

2.05_plus_141229

2.05_plus_150211

2.05_plus_150310

2.05_plus_150413

2.05_plus_150508

2.05_plus_150520

2.06RC1_150507

2.06RC2_150511

2.06_alpha_1

2.06_alpha_2

2.06_plus_150611

2.06_plus_150612

2.06_plus_150619

2.06_plus_150629

2.06_plus_150723

2.06_plus_150729

2.06_plus_150730

2.06_plus_150731

2.06_plus_150812

2.06_plus_150824

2.06_plus_150825

2.06_plus_150831

2.06_plus_150911

2.06_plus_150930

2.06_plus_151014

2.06_plus_151016

2.06_plus_151018

2.06_plus_151109

2.06_plus_151126

2.06_plus_151205

2.06_plus_151215

2.06_plus_160121

2.06_plus_160123

2.06_plus_160129

2.50.1_160823

2.50RC1_151005

2.50RC2_151008

2.50RC3_151203

2.50RC4_151204

2.50RC5_151207

2.50RC6_160108

2.50RC7_160121

2.50RC8_160131

2.50_plus_160202

2.50_plus_160204

2.50_plus_160206

2.50_plus_160210

2.50_plus_160212

2.50_plus_160213

2.50_plus_160215

2.50_plus_160216

2.50_plus_160217

2.50_plus_160218

2.50_plus_160219

2.50_plus_160222

2.50_plus_160223

2.50_plus_160225

2.50_plus_160228

2.50_plus_160307

2.50_plus_160308

2.50_plus_160309

2.50_plus_160310

2.50_plus_160311

2.50_plus_160314

2.50_plus_160316

2.50_plus_160317

2.50_plus_160323

2.50_plus_160330

2.50_plus_160401

2.50_plus_160404

2.50_plus_160405

2.50_plus_160407

2.50_plus_160408

2.50_plus_160411

2.50_plus_160412

2.50_plus_160413

2.50_plus_160414

2.50_plus_160415

2.50_plus_160418

2.50_plus_160421

2.50_plus_160425

2.50_plus_160426

2.50_plus_160428

2.50_plus_160430

2.50_plus_160503

2.50_plus_160504

2.50_plus_160506

2.50_plus_160512

2.50_plus_160516

2.50_plus_160517

2.50_plus_160523

2.50_plus_160525

2.50_plus_160526

2.50_plus_160529

2.50_plus_160602

2.50_plus_160603

2.50_plus_160606

2.50_plus_160613

2.50_plus_160614

2.50_plus_160616

2.50_plus_160620

2.50_plus_160714

2.50_plus_160715

2.50_plus_160718

2.50_plus_160725

2.50_plus_160726

2.50_plus_160727

2.50_plus_160728

2.50_plus_160731

2.50_plus_160804

2.50_plus_160810

2.50_plus_160812

2.50_plus_160816

2.50_plus_160817

2.51.0_160829

2.51.1_160901

2.51.2_160906

2.51.3_160907

2.51.4+160908

2.51.4_160908

2.52+160929

2.53+161004

2.54+161007

2.54.1+161010

2.54.2+161012

2.54.3+161014

2.54.4+161018

2.54.5+161019

2.55+161021

2.55.1+161026

2.55.2+161103

2.55.3+161111

2.56+161117

2.56.1+161118

2.57.0+161202

2.57.1+161205

2.58.0+170104

2.58.1+170113

2.58.2+170114

2.59.0+170115

2.59.1+170116

2.62.0+170124

2.62.1+170130

2.62.2+170203

2.63.0+170304

2.63.1+170305

2.64.0+170307

2.64.1+170310

2.64.2+170324

2.64.3+170327

2.64.4+170330

2.64.5+170331

2.64.6+170332

2.64.7+170404

2.65.0+170502

2.65.0+170522

2.65.1+170522

2.65.2+170606

2.65.3+170607

2.65.4+170612

2.65.5+170613

2.65.6+170615

2.66.6+170619

2.67.0+170622

2.67.1+170626

2.67.2+170719

2.67.2+170728

2.67.3+170728

2.70.0+170921

2.71.0+170925

2.71.1+170927

2.72.0+171010

2.72.1+171012

2.72.2+171017

2.72.3+171020

2.72.4+171110

2.72.5+171121

2.72.6+171207

2.73.0+171219

2.73.1+171220

2.91_plus_10315

3.*

3.0.0+171222

3.0.0-RC.1

3.0.0-RC.2+171102

3.0.0-RC.3+171114

3.0.0-beta.1+170720

3.0.0-beta.2+170810

3.0.0-beta.3+170914

3.0.1+171228

3.0.2+180110

3.0.3+180112

3.0.4+180116

3.0.5+180118

3.1.0

3.1.1+180130

3.10.0+180611

3.11.0+180612

3.12.0+180615

3.12.1+180616

3.12.2+180625

3.12.3+180627

3.13.0+180628

3.13.1+180629

3.13.2+180709

3.14.0+180730

3.14.1+180731

3.14.10+180924

3.14.10+180926

3.14.11+180926

3.14.2+180807

3.14.4+180810

3.14.5+180815

3.14.6+180821

3.14.7+180827

3.14.8+180829

3.14.9+180917

3.15.0+181008

3.15.1+181017

3.15.2+181107

3.15.3+181108

3.15.4+181109

3.15.5+181115

3.15.6+190108

3.15.7+190124

3.15.8+190130

3.15.9+190214

3.16.1+190225

3.16.1+190314

3.17.0+190402

3.17.1+190408

3.17.10+190821

3.17.11+190822

3.17.12+190823

3.17.13+190824

3.17.3+190429

3.17.4+190529

3.17.5+190604

3.17.6+190624

3.17.7+190627

3.17.8+190722

3.17.9+190731

3.2.0+180206

3.2.1+180207

3.3.0+180209

3.3.1

3.4.0+180219

3.4.1+180221

3.4.2+180223

3.4.3+180227

3.4.4+180305

3.5.0+180309

3.5.1+180312

3.5.2+180315

3.5.3+180316

3.5.4+180320

3.6.0+180328

3.6.1+180329

3.6.2+180406

3.6.3+180416

3.7.0+180418

3.7.1+180424

3.7.2+180508

3.7.3+180516

3.8.0+180522

3.8.1+180524

3.8.2+180529

3.9.0+180604

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-16174.json"