CVE-2024-7887

A vulnerability was found in LimeSurvey 6.3.0-231016 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php of the component File Upload. The manipulation of the argument size leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3 2.7 LOW
CVSS v2.0 3.3 LOW

2.7^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:L/Au:M/C:N/I:N/A:P

Exploitability : 6.4 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication MULTIPLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://github.com/Hebing123/cve/issues/67	Exploit Issue Tracking Third Party Advisory
https://vuldb.com/?ctiid.274874	Permissions Required VDB Entry
https://vuldb.com/?id.274874	Third Party Advisory VDB Entry
https://vuldb.com/?submit.387132	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:limesurvey:limesurvey:6.3.0:231016:*:*:*:*:*:*

History

30 Jan 2026, 20:51

Type	Values Removed	Values Added
CPE		cpe:2.3:a:limesurvey:limesurvey:6.3.0:231016::::::
References	~~() https://github.com/Hebing123/cve/issues/67 -~~	() https://github.com/Hebing123/cve/issues/67 - Exploit, Issue Tracking, Third Party Advisory
References	~~() https://vuldb.com/?ctiid.274874 -~~	() https://vuldb.com/?ctiid.274874 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.274874 -~~	() https://vuldb.com/?id.274874 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.387132 -~~	() https://vuldb.com/?submit.387132 - Third Party Advisory, VDB Entry
First Time		Limesurvey Limesurvey limesurvey

19 Aug 2024, 12:59

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad fue encontrada en LimeSurvey 6.3.0-231016 y clasificada como problemática. Una función desconocida del archivo /index.php del componente File Upload es afectada por esta vulnerabilidad. La manipulación del tamaño del argumento conduce a la denegación de servicio. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.

17 Aug 2024, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-17 09:15

Updated : 2026-01-30 20:51

NVD link : CVE-2024-7887

Mitre link : CVE-2024-7887

CVE.ORG link : CVE-2024-7887

JSON object : View

Products Affected

limesurvey

limesurvey

CWE

CWE-404

Improper Resource Shutdown or Release

2.7 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

3.3 /10

Access Vector NETWORK

Access Complexity LOW

Authentication MULTIPLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2024-7887

2.7^/10

3.3^/10

Attach tags to `CVE-2024-7887`