Vulnerabilities > CVE-2018-17057 - Deserialization of Untrusted Data vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
tecnick
limesurvey
CWE-502
exploit available

Summary

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

Vulnerable Configurations

Part Description Count
Application
Tecnick
1
Application
Limesurvey
518

Common Weakness Enumeration (CWE)

Exploit-Db

fileexploits/php/webapps/46634.py
idEDB-ID:46634
last seen2019-04-02
modified2019-04-02
platformphp
port
published2019-04-02
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/46634
titleLimeSurvey < 3.16 - Remote Code Execution
typewebapps

Packetstorm