2 matches found
CVE-2021-44967
A Remote Code Execution RCE vulnerabilty exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file. NOTE: the Supplier's position is that plugins intentionally can contain arbitrary PHP code, and can only be...
PT-2022-12415 · Jpress · Jpress
Name of the Vulnerable Software and Affected Versions: jpress version 4.2.0 Description: The issue allows for command execution via the io.jpress.web.admin. AddonController::doUploadAndInstall function. Recommendations: For jpress version 4.2.0, at the moment, there is no information about a newe...