3 matches found
CVE-2018-1000659
LimeSurvey version 3.14.4 and earlier contains a directory traversal in file upload that allows upload of webshell vulnerability in file upload functionality that can result in remote code execution as authenticated user. This attack appear to be exploitable via An authenticated user can upload a...
LimeSurvey <= 3.14.3 Multiple RCE Vulnerabilities
LimeSurvey is prone to multiple remote code execution RCE vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
CVE-2018-1000659
LimeSurvey is affected by a directory traversal vulnerability in the file upload feature, allowing an authenticated user to upload a crafted ZIP to achieve remote code execution. This affects LimeSurvey versions 3.14.4 and earlier. The underlying issue is in the file upload handling; exploitation...