CVE-2022-48008: Malicious File Upload
First published: Fri Jan 27 2023(Updated: )
An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| LimeSurvey | =5.4.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this arbitrary file upload vulnerability?
The vulnerability ID for this arbitrary file upload vulnerability is CVE-2022-48008.
What is the severity rating for CVE-2022-48008?
CVE-2022-48008 has a severity rating of 9.8 (critical).
How does the arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 work?
The arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code by uploading a crafted PHP file.
Which version of LimeSurvey is affected by CVE-2022-48008?
LimeSurvey version 5.4.15 is affected by CVE-2022-48008.
Is there a fix available for CVE-2022-48008?
Yes, a fix for CVE-2022-48008 is available. It is recommended to update to a version that is not affected by this vulnerability.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/references
- agent/severity
- agent/first-publish-date
- agent/softwarecombine
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/limesurvey
- canonical/limesurvey
- version/limesurvey/5.4.15