An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file.
Max CVSS: 9.8
EPSS Score: 0.31%
Published: 2023-01-27
Updated: 2023-02-04
A Remote Code Execution (RCE) vulnerability exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file.
Max CVSS: 9.0
EPSS Score: 2.19%
Published: 2022-02-24
Updated: 2022-03-02

CVE-2020-11455

Public exploit
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
Max CVSS: 9.8
EPSS Score: 87.85%
Published: 2020-04-01
Updated: 2022-07-30
LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model.
Max CVSS: 9.8
EPSS Score: 0.15%
Published: 2021-02-14
Updated: 2021-06-04
A CSV injection vulnerability was found in LimeSurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file.
Max CVSS: 9.8
EPSS Score: 0.26%
Published: 2019-09-09
Updated: 2020-08-24

CVE-2019-9960

Public exploit
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.
Max CVSS: 9.8
EPSS Score: 0.28%
Published: 2019-03-24
Updated: 2020-08-24

CVE-2018-17057

Public exploit
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
Max CVSS: 9.8
EPSS Score: 29.33%
Published: 2018-09-14
Updated: 2019-04-26
LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file.
Max CVSS: 9.1
EPSS Score: 0.28%
Published: 2018-02-28
Updated: 2018-03-23
Multiple unspecified vulnerabilities in LimeSurvey (formerly PHPSurveyor) before 1.71 have unknown impact and attack vectors.
Max CVSS: 9.3
EPSS Score: 0.41%
Published: 2008-06-06
Updated: 2017-08-08
9 vulnerabilities found