Vulnerabilities > Limesurvey > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-01-27 CVE-2022-48008 Unrestricted Upload of File with Dangerous Type vulnerability in Limesurvey 5.4.15
An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file.
network
low complexity
limesurvey CWE-434
critical
9.8
2022-02-24 CVE-2021-44967 Unrestricted Upload of File with Dangerous Type vulnerability in Limesurvey 5.2.4
A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file.
network
low complexity
limesurvey CWE-434
critical
9.0