CVE-2020-11455

Description

LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.

How to fix CVE-2020-11455

To remediate CVE-2020-11455, upgrade the affected package to a fixed version below.

• Bitnami/limesurvey—upgrade to 4.1.12 or later

Is CVE-2020-11455 being exploited?

Likely — EPSS is 93.2%, placing CVE-2020-11455 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.

Affected packages (1)

• from 0, < 4.1.12, >= 4.1.12-200324, < 4.1.12, >= 4.1.12, < 4.1.13

CVSS scores

References (4)

• WEBpacketstormsecurity.com/files/157112/LimeSurvey-4.1.11-Path-Traversal.html
• WEBgithub.com/LimeSurvey/LimeSurvey/commit/daf50ebb16574badfb7ae0b8526ddc5871378f1b
• WEBnvd.nist.gov/vuln/detail/CVE-2020-11455
• WEBwww.exploit-db.com/exploits/48297