CVE-2021-44967: Malicious File Upload
First published: Tue Feb 22 2022(Updated: )
A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Limesurvey Limesurvey | =5.2.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this LimeSurvey vulnerability?
The vulnerability ID for this LimeSurvey vulnerability is CVE-2021-44967.
What is the severity level of CVE-2021-44967?
The severity level of CVE-2021-44967 is critical.
How does the LimeSurvey vulnerability CVE-2021-44967 work?
The LimeSurvey vulnerability CVE-2021-44967 allows a remote malicious user to upload an arbitrary PHP code file via the upload and install plugins function, leading to remote code execution (RCE).
Which version of LimeSurvey is affected by CVE-2021-44967?
LimeSurvey version 5.2.4 is affected by CVE-2021-44967.
Is there a fix available for CVE-2021-44967?
Yes, upgrading to a fixed version (if available) or applying the vendor's recommended patches/updates can fix CVE-2021-44967.
- collector/nvd-index
- agent/weakness
- agent/tags
- agent/event
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/limesurvey
- canonical/limesurvey limesurvey
- version/limesurvey limesurvey/5.2.4