E19-5n1d1
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
False Positive: f
Variants: 1
Year: 2018
Description
This strike exploits a remote code execution vulnerability in LimeSurvey. The vulnerability resides in a PHP Phar deserialization within the TCPDF component and can be exploited by uploading a malicious JPEG/Phar polyglot and exporting the survey that contains it. Exploiting this flaw requires authentication and results in remote code execution.