Description

A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file.

Remediation

References

CVE-2021-44967

Related Vulnerabilities

WordPress Plugin IBS Mappro Arbitrary File Download (0.6)

Joomla Improper Privilege Management Vulnerability (CVE-2012-1563)

Joomla Missing Authentication for Critical Function Vulnerability (CVE-2019-10946)

Python Credentials Management Errors Vulnerability (CVE-2019-10160)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-2854)

Severity

High

Classification

CVE-2021-44967 CWE-434 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities