View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 14824 | Bug reports | Security | public | 2019-04-30 08:55 | 2019-04-30 09:22 |
| Reporter | bewi | Assigned To | c_schmitz | ||
| Priority | none | Severity | minor | ||
| Status | closed | Resolution | duplicate | ||
| Product Version | 3.17.x | ||||
| Fixed in Version | 3.17.x | ||||
| Summary | 14824: old version of TCPDF | ||||
| Description | An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper. | ||||
| Tags | No tags attached. | ||||
| Bug heat | 250 | ||||
| Complete LimeSurvey version number (& build) | Version 3.17.1+190408 | ||||
| I will donate to the project if issue is resolved | No | ||||
| Browser | |||||
| Database type & version | * | ||||
| Server OS (if known) | |||||
| Webserver software & version (if known) | |||||
| PHP Version | * | ||||
| duplicate of | 14670 | closed | DenisChenu | Remote Code Execution in Limesurvey <= 3.16.x via Deserialization Attack in "tcpdf" |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2019-04-30 08:55 | bewi | New Issue | |
| 2019-04-30 09:22 | c_schmitz | Relationship added | duplicate of 14670 |
| 2019-04-30 09:22 | c_schmitz | Assigned To | => c_schmitz |
| 2019-04-30 09:22 | c_schmitz | Status | new => closed |
| 2019-04-30 09:22 | c_schmitz | Resolution | open => duplicate |
| 2019-04-30 09:22 | c_schmitz | Fixed in Version | => 3.17.x |
