PT-2019-14312 · Limesurvey · Limesurvey

Michele Cisternino

·

Publicado

2019-08-26

·

Atualizado

2019-09-03

·

CVE-2019-15640

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions Limesurvey versions prior to 3.17.10
Description The issue arises from inadequate validation of both the MIME type and file extension of an image. This lack of validation could potentially be exploited.
Recommendations For versions prior to 3.17.10, update to version 3.17.10 or later to resolve the issue.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2019-15640

Produtos afetados

Limesurvey