Strike ID: E19-5n1d1
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
False Positive: f
Variants: 1
Year: 2018

Description

This strike exploits a remote code execution vulnerability in LimeSurvey. The vulnerability is a PHP Phar deserialization flaw in the TCPDF component and can be exploited by uploading a malicious JPEG/Phar polyglot and exporting the survey that contains it. Exploiting this flaw requires authentication and results in remote code execution.
