Security Advisory

CVE-2021-44967

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-02-22 21:17:32

Last updated 2025-02-20 03:12:37

Assigner mitre

State PUBLISHED

Description

A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file. NOTE: the Suppliers position is that plugins intentionally can contain arbitrary PHP code, and can only be installed by a superadmin, and therefore the security model is not violated by this finding.

← Browse all CVEs View on cve.org ↗