LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model.

By admin