Unrated severityNVD Advisory· Published Feb 22, 2022· Updated Feb 20, 2025
CVE-2021-44967
CVE-2021-44967
Description
A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file. NOTE: the Supplier's position is that plugins intentionally can contain arbitrary PHP code, and can only be installed by a superadmin, and therefore the security model is not violated by this finding.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3(expand)+ 1 more
- (no CPE)
- (no CPE)range: = 5.2.4
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.