Vulnerability Description
LimeSurvey version 3.14.4 and earlier contains a directory traversal in file upload that allows upload of webshell vulnerability in file upload functionality that can result in remote code execution as authenticated user. This attack appear to be exploitable via An authenticated user can upload a specially crafted zip file to get remote code execution. This vulnerability appears to have been fixed in after commit 72a02ebaaf95a80e26127ee7ee2b123cccce05a7 / version 3.14.4.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Limesurvey | Limesurvey | <= 3.14.4 |
Related Weaknesses (CWE)
References
- https://github.com/LimeSurvey/LimeSurvey/commit/72a02ebaaf95a80e26127ee7ee2b123cPatchThird Party Advisory
- https://github.com/LimeSurvey/LimeSurvey/commit/72a02ebaaf95a80e26127ee7ee2b123cPatchThird Party Advisory
FAQ
What is CVE-2018-1000659?
CVE-2018-1000659 is a vulnerability with a CVSS score of 8.8 (HIGH). LimeSurvey version 3.14.4 and earlier contains a directory traversal in file upload that allows upload of webshell vulnerability in file upload functionality that can result in remote code execution a...
How severe is CVE-2018-1000659?
CVE-2018-1000659 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1000659?
Check the references section above for vendor advisories and patch information. Affected products include: Limesurvey Limesurvey.