CNNVD-202507-2275 Information
CNNVD ID
CNNVD-202507-2275
Related CVE
- CNNVD Published: 2025-07-16
Description (Chinese)
LimeSurvey(PHPSurveyor)是LimeSurvey团队的一套开源的在线问卷调查程序,它支持调查程序开发、调查问卷发布以及数据收集等功能。 LimeSurvey 2.06+ Build 151014及之前版本存在安全漏洞,该漏洞源于未验证序列化输入,可能导致读取主机系统上的任意文件。
Description (English)
LimeSurvey (PHPSurveyor) is an open-source online questionnaire programme for the LimeSurvey team, which supports the development of survey procedures, the publication of questionnaires and the collection of data. There is a security loophole in LimeSurvey 2.06+ Build 151014 and earlier versions, which originates from unverified serialized input and may lead to the reading of random files on the mainframe system.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
LimeSurvey
Published
2025-07-16
Last Modified
2026-02-24
References
https://packetstorm.news/files/id/180855 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/admin/ https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-lime-survey/ https://www.limesurvey.org/blog/22-security/136-limesurvey-security-advisory-10-2015 https://web.archive.org/web/20210123073627/ https://www.vulncheck.com/advisories/limesurvey-unauthenticated-arbitrary-file-download