View Issue Details

Related ChangesetsJump to NotesJump to History
This bug affects 1 person(s).
 256
IDProjectCategoryView StatusDate SubmittedLast Update
15834Bug reportsSecuritypublic2020-02-07 10:582020-02-10 12:40
Reporterollehar Assigned Toollehar  
PriorityimmediateSeveritypartial_block 
Status closedResolutionfixed 
Product Version4.1.1 
Target Version4.0.xFixed in Version4.1.1 
Summary15834: Missing permission check in PHP when saving question data
Description

Title. By crafting a POST request, anyone can change any question.

TagsNo tags attached.
Bug heat256
Complete LimeSurvey version number (& build)latest master
I will donate to the project if issue is resolvedNo
Browser-
Database type & version-
Server OS (if known)-
Webserver software & version (if known)-
PHP Version-

Users monitoring this issue

There are no users monitoring this issue.

Activities

ollehar

ollehar

2020-02-07 12:16

administrator   ~55800

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=29515
DenisChenu

DenisChenu

2020-02-08 12:34

developer   ~55813

Move to security category
lime_release_bot

lime_release_bot

2020-02-10 12:40

administrator   ~55823

Fixed in Release 4.1.2+200210

Related Changesets

LimeSurvey: master da942d48

2020-02-07 12:16:32

ollehar

Details Diff 		Fixed issue 15834: Missing permission check in PHP when saving question data Affected Issues
15834
mod - application/controllers/admin/questionedit.php Diff File

Issue History

Date Modified Username Field Change
2020-02-07 10:58 ollehar New Issue
2020-02-07 11:00 ollehar Priority none => immediate
2020-02-07 11:00 ollehar Summary Missing permission in PHP when saving question data => Missing permission check in PHP when saving question data
2020-02-07 11:00 ollehar Description Updated
2020-02-07 12:16 ollehar Changeset attached => LimeSurvey master da942d48
2020-02-07 12:16 ollehar Note Added: 55800
2020-02-07 12:16 ollehar Assigned To => ollehar
2020-02-07 12:16 ollehar Resolution open => fixed
2020-02-07 12:16 ollehar Status new => resolved
2020-02-07 12:16 ollehar Fixed in Version => 4.1.1
2020-02-08 12:34 DenisChenu Category Survey editing => Security
2020-02-08 12:34 DenisChenu Note Added: 55813
2020-02-10 12:40 lime_release_bot Note Added: 55823
2020-02-10 12:40 lime_release_bot Status resolved => closed