CVE-2018-1000658

Name of the Vulnerable Software and Affected Versions LimeSurvey versions prior to 3.14.4

Description The issue concerns a file upload vulnerability in the upload functionality, which can lead to code execution via a webshell. An attacker can exploit this by uploading a zip archive containing malicious php files as an authenticated user. These malicious files can be executed under certain circumstances.

Recommendations For versions prior to 3.14.4, update to version 3.14.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the upload functionality to minimize the risk of exploitation. Avoid allowing authenticated users to upload zip archives until the issue is resolved.