CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17003 – LimeSurvey 3.14.7 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-17003
In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert. En LimeSurvey 3.14.7, se han descubierto una inyección HTML y Cross-Site Scripting (XSS) persistente en el apéndice mediante el parámetro surveyls_title en /index.php?r=admin/survey/sa/insert. LimeSurvey version 3.14.7 suffers from cross site scripting and html injection vulnerabilities. • http://packetstormsecurity.com/files/149435/LimeSurvey-3.14.7-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 26%CPEs: 2EXPL: 2CVE-2018-17057 – LimeSurvey < 3.16 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-17057
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper. Se ha descubierto un problema en TCPDF en versiones anteriores a la 6.2.22. Los atacantes pueden desencadenar la deserialización de datos arbitrarios mediante el wrapper phar: . TCPDF versions 6.2.19 and below suffer from a deserialization vulnerability that can allow for remote code execution. • https://www.exploit-db.com/exploits/46634 http://packetstormsecurity.com/files/152200/TCPDF-6.2.19-Deserialization-Remote-Code-Execution.html http://packetstormsecurity.com/files/152360/LimeSurvey-Deserialization-Remote-Code-Execution.html http://seclists.org/fulldisclosure/2019/Mar/36 https://contao.org/en/news/security-vulnerability-cve-2018-17057.html https://github.com/LimeSurvey/LimeSurvey/commit/1cdd78d27697b3150bb44aaa7af1a81062a591a5 https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26ed • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000659
https://notcve.org/view.php?id=CVE-2018-1000659
LimeSurvey version 3.14.4 and earlier contains a directory traversal in file upload that allows upload of webshell vulnerability in file upload functionality that can result in remote code execution as authenticated user. This attack appear to be exploitable via An authenticated user can upload a specially crafted zip file to get remote code execution. This vulnerability appears to have been fixed in after commit 72a02ebaaf95a80e26127ee7ee2b123cccce05a7 / version 3.14.4. LimeSurvey en su versión 3.14.4 y anteriores contiene una vulnerabilidad de salto de directorio en la subida de archivos que permite una vulnerabilidad de subida de shell web en la funcionalidad de subida de archivos que puede resultar en la ejecución remota de código como usuario autenticado. El ataque parece ser explotable si un usuario autenticado sube un archivo zip especialmente manipulado para poder ejecutar código de forma remota. • https://github.com/LimeSurvey/LimeSurvey/commit/72a02ebaaf95a80e26127ee7ee2b123cccce05a7 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000658
https://notcve.org/view.php?id=CVE-2018-1000658
LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. This attack appear to be exploitable via an authenticated user uploading a zip archive which can contains malicious php files that can be called under certain circumstances. This vulnerability appears to have been fixed in after commit 91d143230eb357260a19c8424b3005deb49a47f7 / version 3.14.4. LimeSurvey en versiones anteriores a la 3.14.4 contiene una vulnerabilidad de subida de archivos en la funcionalidad de subida que puede resultar en que un atacante pueda ejecutar código mediante el shell web. El ataque parece ser explotable si un usuario autenticado sube un archivo zip que contenga archivos php maliciosos que pueden ser llamados en determinadas circunstancias. • https://github.com/LimeSurvey/LimeSurvey/commit/20fc85edccc80e7e7f162613542792380c44446a https://github.com/LimeSurvey/LimeSurvey/commit/91d143230eb357260a19c8424b3005deb49a47f7 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16397
https://notcve.org/view.php?id=CVE-2018-16397
In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file, En LimeSurvey en versiones anteriores a la 3.14.7, un usuario administrador puede aprovechar una pregunta "file upload" para leer un archivo arbitrario. • https://github.com/LimeSurvey/LimeSurvey/blob/3be9b41e76826b57f5860d18d93b23f47d59d2e4/docs/release_notes.txt#L51 • CWE-434: Unrestricted Upload of File with Dangerous Type •