CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-11455

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1050%
EPSS Percentile38.98th
Published2020年4月1日
Last Modified2024年11月21日

Vulnerability Description

LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.

Affected Platforms (CPE)

📦
Limesurvey

Limesurvey

<= 4.1.11
📦
Limesurvey

Limesurvey

= 4.1.12
📦
Limesurvey

Limesurvey

= 4.1.12

References & Advisories

🔗 http://packetstormsecurity.com/files/157112/LimeSurvey-4.1.11-Path-Traversal.html
🔗 https://github.com/LimeSurvey/LimeSurvey/commit/daf50ebb16574badfb7ae0b8526ddc5871378f1b
🔗 https://www.exploit-db.com/exploits/48297
🔗 http://packetstormsecurity.com/files/157112/LimeSurvey-4.1.11-Path-Traversal.html
🔗 https://github.com/LimeSurvey/LimeSurvey/commit/daf50ebb16574badfb7ae0b8526ddc5871378f1b
🔗 https://www.exploit-db.com/exploits/48297

相关漏洞威胁

CVE-2019-250199.8

LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model.

CVE-2019-99609.8

The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.

CVE-2019-161849.8

A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their ...

CVE-2008-25709.3

Multiple unspecified vulnerabilities in LimeSurvey (formerly PHPSurveyor) before 1.71 have unknown impact and attack vectors.