Podatność CVE-2018-17057

Podatność CVE-2018-17057

Publikacja: 2018-09-14 Modyfikacja: 2018-09-15

Opis:

	Tytuł	Autor	Data
High	TCPDF 6.2.19 Deserialization / Remote Code Execution	polict	25.03.2019
High	LimeSurvey Deserialization Remote Code Execution	q3rv0	02.04.2019

Typ:

(Deserialization of Untrusted Data)

Ogólna skala CVSS	Znaczenie	Łatwość wykorzystania
7.5/10	6.4/10	10/10

Affected software
Limesurvey -> Limesurvey

http://packetstormsecurity.com/files/152200/TCPDF-6.2.19-Deserialization-Remote-Code-Execution.html

http://packetstormsecurity.com/files/152360/LimeSurvey-Deserialization-Remote-Code-Execution.html

http://seclists.org/fulldisclosure/2019/Mar/36

https://contao.org/en/news/security-vulnerability-cve-2018-17057.html

https://github.com/LimeSurvey/LimeSurvey/commit/1cdd78d27697b3150bb44aaa7af1a81062a591a5

https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26ed

https://www.exploit-db.com/exploits/46634/