LimeSurvey File Upload index.php denial of service
CVE-2024-7887

2.7 LOW

Key Information:

Vendor: LimeSurvey
CVE Published: 17 August 2024

Badges

👾 Exploit Exists
🟡 Public PoC

What is CVE-2024-7887?

A vulnerability has been identified in the file upload functionality of LimeSurvey v6.3.0-231016, caused by improper input validation in the /index.php component. An attacker can exploit it by manipulating the argument size, which may result in a denial of service condition. The issue can be triggered remotely, posing a risk to users and their systems. It has been publicly disclosed, and despite prior notification, the vendor has not provided any response to address this security concern.

Affected Version(s)

LimeSurvey 6.3.0-231016

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

CVSS V3.1

Score: 2.7
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability Reserved

Credit

jiashenghe (VulDB User)