167 matches found
CVE-2022-48008
CVE-2022-48008 affects LimeSurvey, specifically the plugin manager in version v5.4.15. The vulnerability enables an attacker to upload a crafted PHP file, allowing arbitrary code execution on the server due to improper handling/validation of uploaded files in the plugin manager. The impact is con...
CVE-2022-48008
An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file...
LimeSurvey Code Issue Vulnerability
LimeSurvey, formerly known as PHPSurveyor, is an open source online survey program by the LimeSurvey team, which supports survey development, questionnaire publishing and data collection. A security vulnerability exists in LimeSurvey version v5.4.15, which stems from its...
Cross-site Scripting (XSS)
facturascripts/facturascripts is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the ini parameter in the getPluginInfo function of PluginManager.php, allowing an attacker to inject and execute malicious javascript...
CVE-2022-27165
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcmsadminPluginmanagersetstatus...
CVE-2021-0706
In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
Remote Code Execution
shopware/platform is vulnerable to remote code execution. The plugin manager allows an authenticated attacker to perform remote code execution without ACL permissions...
Authenticated remote code execution
Impact: Authenticated remote code execution using plugin manager without ACL permissions. Patches: We recommend to update to the current version 6.3.5.2. You can get the update to 6.3.5.2 regularly via the Auto-Updater or directly via the download overview...
GHSA-PJJ4-JJGC-H3R8 Authenticated remote code execution
Impact: Authenticated remote code execution using plugin manager without ACL permissions. Patches: We recommend to update to the current version 6.3.5.2. You can get the update to 6.3.5.2 regularly via the Auto-Updater or directly via the download overview...
CSZ CMS 1.2.9 Cross Site Scripting
Exploit Title: CSZ CMS 1.2.9 - Multiple Cross-Site Scripting Date: 2020/12/28 Exploit Author: SunCSR Vendor Homepage: https://www.cszcms.com/ Software Link: https://github.com/cskaza/cszcms Version: 1.2.9 Tested on: CSZ CMS 1.2.9 1. Reflected XSS Go to url...
Unvalidated redirects in UPM via reverse tabnapping
Affected versions of Atlassian Jira Server and Data Center allow an authenticated attacker to redirect a user to a malicious website via an unvalidated redirect vulnerability in some Universal Plugin Manager pages, e.g. "Manage apps" and "Find new apps". Affected versions: version 7.13.16 7.14.0 ...
LimeSurvey < 3.17.14 Multiple Vulnerabilities
LimeSurvey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Limesurvey Plugin Manager Access Vulnerability
LimeSurvey is an open source online questionnaire program with multiple functions such as questionnaire design, modification, release, recovery and statistics. A plugin manager access vulnerability exists in LimeSurvey versions prior to 3.17.14. An attacker can exploit this vulnerability to acces...
CVE-2019-16186
In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions...
Code injection
In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions...
CVE-2019-16186
LimeSurvey prior to 3.17.14 (≤3.17.13) has a permission check flaw in the plugin manager: admin users can access the plugin manager without proper privileges. This is caused by insufficient access controls in the plugin-management interface. Impact details are limited in the provided docs, but th...
Atlassian Universal Plugin Manager Cross-Site Request Forgery Vulnerability
Atlassian Universal Plugin Manager is a set of tools from Atlassian Australia for managing add-ons in Atlassian applications. A cross-site request forgery vulnerability exists in the Uninstall REST endpoint in Atlassian Universal Plugin Manager versions prior to 2.22.19, 3.0.x versions prior to...