Vulnerabilities > CVE-2018-17057 - Deserialization of Untrusted Data vulnerability in multiple products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

tecnick

limesurvey

CWE-502

critical

exploit available

NVD

Published: 2018-09-14

Updated: 2019-04-26

Summary

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

Vulnerable Configurations

Part	Description	Count
Application	Tecnick Tecnick Tcpdf *	1
Application	Limesurvey Limesurvey Limesurvey 1.01 Limesurvey Limesurvey 1.45 Limesurvey Limesurvey 1.50 Limesurvey Limesurvey 1.52 Limesurvey Limesurvey 1.53 Limesurvey Limesurvey 1.53\+ Limesurvey Limesurvey 1.70 Limesurvey Limesurvey 1.70\+ Limesurvey Limesurvey 1.71 Limesurvey Limesurvey 1.71\+ Limesurvey Limesurvey 1.72 Limesurvey Limesurvey 1.80 Limesurvey Limesurvey 1.80\+ Limesurvey Limesurvey 1.81 Limesurvey Limesurvey 1.81\+ Limesurvey Limesurvey 1.82 Limesurvey Limesurvey 1.82\+ Limesurvey Limesurvey 1.85 Limesurvey Limesurvey 1.86 Limesurvey Limesurvey 1.87 Limesurvey Limesurvey 1.87\+ Limesurvey Limesurvey 1.90 Limesurvey Limesurvey 1.90\+ Limesurvey Limesurvey 1.91 Limesurvey Limesurvey 1.91\+ Limesurvey Limesurvey 1.92 Limesurvey Limesurvey 2.00 Limesurvey Limesurvey 2.05 Limesurvey Limesurvey 2.05\+ Limesurvey Limesurvey 2.06 Limesurvey Limesurvey 2.06\+ Limesurvey Limesurvey 2.6.0 Limesurvey Limesurvey 2.6.7 Limesurvey Limesurvey 2.7.0 Limesurvey Limesurvey 2.50 Limesurvey Limesurvey 2.50.1 Limesurvey Limesurvey 2.51.0 Limesurvey Limesurvey 2.51.1 Limesurvey Limesurvey 2.51.2 Limesurvey Limesurvey 2.51.3 Limesurvey Limesurvey 2.51.4 Limesurvey Limesurvey 2.52.0 Limesurvey Limesurvey 2.53.0 Limesurvey Limesurvey 2.54.0 Limesurvey Limesurvey 2.54.1 Limesurvey Limesurvey 2.54.2 Limesurvey Limesurvey 2.54.3 Limesurvey Limesurvey 2.54.4 Limesurvey Limesurvey 2.54.5 Limesurvey Limesurvey 2.55.0 Limesurvey Limesurvey 2.55.1 Limesurvey Limesurvey 2.55.2 Limesurvey Limesurvey 2.55.3 Limesurvey Limesurvey 2.56.0 Limesurvey Limesurvey 2.56.1 Limesurvey Limesurvey 2.57.0 Limesurvey Limesurvey 2.57.1 Limesurvey Limesurvey 2.58.0 Limesurvey Limesurvey 2.58.1 Limesurvey Limesurvey 2.58.2 Limesurvey Limesurvey 2.59.0 Limesurvey Limesurvey 2.59.1 Limesurvey Limesurvey 2.62.0 Limesurvey Limesurvey 2.62.1 Limesurvey Limesurvey 2.62.2 Limesurvey Limesurvey 2.63.0 Limesurvey Limesurvey 2.63.1 Limesurvey Limesurvey 2.64.0 Limesurvey Limesurvey 2.64.1 Limesurvey Limesurvey 2.64.2 Limesurvey Limesurvey 2.64.3 Limesurvey Limesurvey 2.64.4 Limesurvey Limesurvey 2.64.5 Limesurvey Limesurvey 2.64.6 Limesurvey Limesurvey 2.64.7 Limesurvey Limesurvey 2.65.0 Limesurvey Limesurvey 2.65.1 Limesurvey Limesurvey 2.65.2 Limesurvey Limesurvey 2.65.3 Limesurvey Limesurvey 2.65.4 Limesurvey Limesurvey 2.65.5 Limesurvey Limesurvey 2.65.6 Limesurvey Limesurvey 2.66.6 Limesurvey Limesurvey 2.67.0 Limesurvey Limesurvey 2.67.1 Limesurvey Limesurvey 2.67.2 Limesurvey Limesurvey 2.67.3 Limesurvey Limesurvey 2.70.0 Limesurvey Limesurvey 2.71.0 Limesurvey Limesurvey 2.71.1 Limesurvey Limesurvey 2.72.0 Limesurvey Limesurvey 2.72.1 Limesurvey Limesurvey 2.72.2 Limesurvey Limesurvey 2.72.3 Limesurvey Limesurvey 2.72.4 Limesurvey Limesurvey 2.72.5 Limesurvey Limesurvey 2.72.6 Limesurvey Limesurvey 2.73.0 Limesurvey Limesurvey 2.73.1 Limesurvey Limesurvey 3.0.0 Limesurvey Limesurvey 3.0.1 Limesurvey Limesurvey 3.0.2 Limesurvey Limesurvey 3.0.3 Limesurvey Limesurvey 3.0.4 Limesurvey Limesurvey 3.0.5 Limesurvey Limesurvey 3.1.0 Limesurvey Limesurvey 3.1.1 Limesurvey Limesurvey 3.2.0 Limesurvey Limesurvey 3.2.1 Limesurvey Limesurvey 3.4.2 Limesurvey Limesurvey 3.6.2 Limesurvey Limesurvey 3.14.3 Limesurvey Limesurvey 3.14.4 Limesurvey Limesurvey 3.14.5 Limesurvey Limesurvey 3.14.6 Limesurvey Limesurvey 3.14.7 Limesurvey Limesurvey 3.14.8 Limesurvey Limesurvey 3.14.9 Limesurvey Limesurvey 3.14.10 Limesurvey Limesurvey 3.14.11 Limesurvey Limesurvey 3.15.0 Limesurvey Limesurvey 3.15.1 Limesurvey Limesurvey 3.15.2 Limesurvey Limesurvey 3.15.3 Limesurvey Limesurvey 3.15.4 Limesurvey Limesurvey 3.15.5 Limesurvey Limesurvey 3.15.6 Limesurvey Limesurvey 3.15.7 Limesurvey Limesurvey 3.15.8 Limesurvey Limesurvey 3.15.9	544

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Exploit-Db

file	exploits/php/webapps/46634.py
id	EDB-ID:46634
last seen	2019-04-02
modified	2019-04-02
platform	php
port
published	2019-04-02
reporter	Exploit-DB
source	https://www.exploit-db.com/download/46634
title	LimeSurvey < 3.16 - Remote Code Execution
type	webapps

Packetstorm

data source	https://packetstormsecurity.com/files/download/152200/tcpdf-deserialize.txt
id	PACKETSTORM:152200
last seen	2019-03-25
published	2019-03-22
reporter	polict
source	https://packetstormsecurity.com/files/152200/TCPDF-6.2.19-Deserialization-Remote-Code-Execution.html
title	TCPDF 6.2.19 Deserialization / Remote Code Execution

data source	https://packetstormsecurity.com/files/download/152360/limesurvey3-exec.txt
id	PACKETSTORM:152360
last seen	2019-04-05
published	2019-04-02
reporter	q3rv0
source	https://packetstormsecurity.com/files/152360/LimeSurvey-Deserialization-Remote-Code-Execution.html
title	LimeSurvey Deserialization Remote Code Execution

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Packetstorm

References