View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
15834 | Bug reports | Security | public | 2020-02-07 10:58 | 2020-02-10 12:40 |
Reporter | ollehar | Assigned To | ollehar | ||
Priority | immediate | Severity | partial_block | ||
Status | closed | Resolution | fixed | ||
Product Version | 4.1.1 | ||||
Target Version | 4.0.x | Fixed in Version | 4.1.1 | ||
Summary | 15834: Missing permission check in PHP when saving question data | ||||
Description | Title. By crafting a POST request, anyone can change any question. | ||||
Tags | No tags attached. | ||||
Bug heat | 256 | ||||
Complete LimeSurvey version number (& build) | latest master | ||||
I will donate to the project if issue is resolved | No | ||||
Browser | - | ||||
Database type & version | - | ||||
Server OS (if known) | - | ||||
Webserver software & version (if known) | - | ||||
PHP Version | - | ||||
Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=29515 |
|
Move to security category |
|
Fixed in Release 4.1.2+200210 |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2020-02-07 10:58 | ollehar | New Issue | |
2020-02-07 11:00 | ollehar | Priority | none => immediate |
2020-02-07 11:00 | ollehar | Summary | Missing permission in PHP when saving question data => Missing permission check in PHP when saving question data |
2020-02-07 11:00 | ollehar | Description Updated | |
2020-02-07 12:16 | ollehar | Changeset attached | => LimeSurvey master da942d48 |
2020-02-07 12:16 | ollehar | Note Added: 55800 | |
2020-02-07 12:16 | ollehar | Assigned To | => ollehar |
2020-02-07 12:16 | ollehar | Resolution | open => fixed |
2020-02-07 12:16 | ollehar | Status | new => resolved |
2020-02-07 12:16 | ollehar | Fixed in Version | => 4.1.1 |
2020-02-08 12:34 | DenisChenu | Category | Survey editing => Security |
2020-02-08 12:34 | DenisChenu | Note Added: 55813 | |
2020-02-10 12:40 | lime_release_bot | Note Added: 55823 | |
2020-02-10 12:40 | lime_release_bot | Status | resolved => closed |