CVE-2020-11455

LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.

Basic Information

CVE State
PUBLISHED
Reserved Date
April 01, 2020
Published Date
April 01, 2020
Last Updated
August 04, 2024
Vendor
LimeSurvey
Product
LimeSurvey
Description
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
Tags
nuclei_scanner php

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Score

Score
92.77% (Percentile: 99.75%) as of 2025-06-30

Exploit Status

Exploited in the Wild
Yes (2025-06-20 00:00:00 UTC) Source

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-06-21 12:00:35 UTC

Scanner Integrations

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Detected by Nuclei

  • Added to KEVIntel