High severity8.8OSV Advisory· Published Sep 6, 2018· Updated Jun 17, 2026
CVE-2018-1000658
CVE-2018-1000658
Description
LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. This attack appear to be exploitable via an authenticated user uploading a zip archive which can contains malicious php files that can be called under certain circumstances. This vulnerability appears to have been fixed in after commit 91d143230eb357260a19c8424b3005deb49a47f7 / version 3.14.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21.45a, 1.45a_2007-02-24, 1.50_2007-08-06, …+ 1 more
- (no CPE)range: 1.45a, 1.45a_2007-02-24, 1.50_2007-08-06, …
- (no CPE)range: <3.14.4
Patches
Vulnerability mechanics
References
2- github.com/LimeSurvey/LimeSurvey/commit/20fc85edccc80e7e7f162613542792380c44446anvdPatchThird Party Advisory
- github.com/LimeSurvey/LimeSurvey/commit/91d143230eb357260a19c8424b3005deb49a47f7nvdPatchThird Party Advisory
News mentions
0No linked articles in our index yet.