← back
CVE-2020-11455

CVE-2020-11455

EPSS 97.0%
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS EPSS 97.0%KEV nãoPoC públicaNuclei simMetasploit simPatch
Lifecycle
01 Apr 2020Published on NVD
02 Apr 2020Metasploit module available
Recommendation: Plan a near-term fix — a public PoC already exists.
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/157112/LimeSurvey-4.1.11-Path-Traversal.htmlunverifiedcve_referencewww.exploit-db.com/exploits/48297unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/157112/LimeSurvey-4.1.11-Path-Traversal.htmlhttps://github.com/LimeSurvey/LimeSurvey/commit/daf50ebb16574badfb7ae0b8526ddc5871378f1bhttps://www.exploit-db.com/exploits/48297