CVE-2021-44967

 

Published at: - 24-02-2022 04:15

Last modified: - 02-03-2022 04:34

Total changes: - 2

Description

A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

 

Verification logic

 

Reference

• https://github.com/Y1LD1R1M-1337/Limesurvey-RCE
• https://www.exploit-db.com/exploits/50573

 

Keywords

NVD

 

CVE-2021-44967

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures