Description
A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file.
Remediation
References
Related Vulnerabilities
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-2935)
WordPress Plugin Cookie Information-Free GDPR Consent Solution Cross-Site Scripting (1.5.5)
WordPress Plugin Catchers Helpdesk and Ticket system for Support Cross-Site Scripting (1.0.3)
Jenkins CVE-2023-27904 Vulnerability (CVE-2023-27904)
WordPress Plugin Timetable and Event Schedule by MotoPress Cross-Site Scripting (2.3.18)