Unrated severityNVD Advisory· Published Feb 22, 2022· Updated Feb 20, 2025

CVE-2021-44967

Description

A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file. NOTE: the Supplier's position is that plugins intentionally can contain arbitrary PHP code, and can only be installed by a superadmin, and therefore the security model is not violated by this finding.

Affected products

LimeSurvey/LimeSurveydescription
osv-coords
pkg:bitnami/limesurvey
Range: >= 5.2.4, < 5.2.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/50573mitre
www.limesurvey.org/manual/Plugins_-_advancedmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.061
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000