CVE-2018-1000659: Path Traversal
First published: Thu Sep 06 2018(Updated: )
LimeSurvey version 3.14.4 and earlier contains a directory traversal in file upload that allows upload of webshell vulnerability in file upload functionality that can result in remote code execution as authenticated user. This attack appear to be exploitable via An authenticated user can upload a specially crafted zip file to get remote code execution. This vulnerability appears to have been fixed in after commit 72a02ebaaf95a80e26127ee7ee2b123cccce05a7 / version 3.14.4.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Limesurvey Limesurvey | <=3.14.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for LimeSurvey?
The vulnerability ID for LimeSurvey is CVE-2018-1000659.
What is the severity of CVE-2018-1000659?
The severity of CVE-2018-1000659 is high, with a score of 8.8.
How does the vulnerability in LimeSurvey allow remote code execution?
The vulnerability in LimeSurvey allows remote code execution by exploiting a directory traversal in file upload, which allows the upload of a webshell.
Which version of LimeSurvey is affected by CVE-2018-1000659?
LimeSurvey version 3.14.4 and earlier are affected by CVE-2018-1000659.
Is there a fix available for CVE-2018-1000659?
Yes, a fix is available. Update to a version later than 3.14.4 of LimeSurvey.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/limesurvey
- canonical/limesurvey limesurvey
- version/limesurvey limesurvey/3.14.4