CVE-2022-48008

Published January 27th, 2023

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

N/A

Affected

1

PROJECT

Description

An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file.

Sakura-501/LimeSurvey-5.4.15-PluginUploadtoRCEUNAVAILABLE

In LimeSurvey5.4.15, it has a vulnerability in index.php/admin/pluginmanager which can lead to RCE

GitHub