Description
A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file.
Remediation
References
Related Vulnerabilities
WordPress Plugin Instagram Plugin-InstaLinker Cross-Site Scripting (1.1.1)
OpenSSL Cryptographic Issues Vulnerability (CVE-2015-3197)
WordPress Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2003-1599)
WordPress Plugin Facebook Button by BestWebSoft Cross-Site Scripting (2.53)