VYPR
High severity8.8OSV Advisory· Published Sep 6, 2018· Updated Jun 17, 2026

CVE-2018-1000658

CVE-2018-1000658

Description

LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. This attack appear to be exploitable via an authenticated user uploading a zip archive which can contains malicious php files that can be called under certain circumstances. This vulnerability appears to have been fixed in after commit 91d143230eb357260a19c8424b3005deb49a47f7 / version 3.14.4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Limesurvey/LimesurveyOSV2 versions
    1.45a, 1.45a_2007-02-24, 1.50_2007-08-06, …+ 1 more
    • (no CPE)range: 1.45a, 1.45a_2007-02-24, 1.50_2007-08-06, …
    • (no CPE)range: <3.14.4

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.