Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2024-7887
Good to know:
Date: August 17, 2024
A vulnerability was found in LimeSurvey 6.3.0-231016 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php of the component File Upload. The manipulation of the argument size leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Language: PHP
Severity Score
Severity Score
Weakness Type (CWE)
Improper Resource Shutdown or Release
CWE-404Top Fix
Upgrade Version
Upgrade to version limesurvey/limesurvey - dev-on-update-values-v4;limesurvey/limesurvey - dev-dependabot/npm_and_yarn/assets/packages/adminbasics/terser-5.14.2;limesurvey/limesurvey - dev-fixv3-16987;limesurvey/limesurvey - 6.6.0+240729;limesurvey/limesurvey - dev-snyk-upgrade-2721d74513ebeb6a032896d25085b820;limesurvey/limesurvey - dev-3.x-LTS;limesurvey/limesurvey - dev-dependabot/npm_and_yarn/assets/packages/adminsidepanel/terser-4.8.1;limesurvey/limesurvey - dev-findfix6
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | HIGH |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | NONE |
| Availability (A): | LOW |
CVSS v2
| Base Score: |
|
|---|---|
| Access Vector (AV): | NETWORK |
| Access Complexity (AC): | LOW |
| Authentication (AU): | MULTIPLE |
| Confidentiality (C): | NONE |
| Integrity (I): | NONE |
| Availability (A): | PARTIAL |
| Additional information: |