CVE-2018-1000659
CVE-2018-1000659 is a vulnerability of currently unknown severity. LimeSurvey version 3.14.4 and earlier contains a directory traversal vulnerability in its file upload functionality that allows upload of a webshell and can result in remote code execution as an authenticated user. The attack appears to be exploitable by an authenticated user who uploads a specially crafted zip file. EPSS estimates a 3.55% chance of exploitation in the next 30 days.
Description
LimeSurvey version 3.14.4 and earlier contains a directory traversal vulnerability in its file upload functionality that allows upload of a webshell and can result in remote code execution as an authenticated user. The attack appears to be exploitable by an authenticated user who uploads a specially crafted zip file to get remote code execution. This vulnerability appears to have been fixed after commit 72a02ebaaf95a80e26127ee7ee2b123cccce05a7 / version 3.14.4.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Limesurvey | Limesurvey | <= 3.14.4 |
References
- https://github.com/LimeSurvey/LimeSurvey/commit/72a02ebaaf95a80e26127ee7ee2b123cccce05a7 (Patch, Third Party Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
