CVE-2024-7887

CVSS v3 2.7 LOW
CVSS v2.0 3.3 LOW

2.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:L/Au:M/C:N/I:N/A:P

Exploitability : 6.4 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication MULTIPLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

A

vulnerability was found in LimeSurvey 6.3.0-231016 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php of the component File Upload. The manipulation of the argument size leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

References

Link	Resource
https://github.com/Hebing123/cve/issues/67	Exploit Issue Tracking Third Party Advisory
https://vuldb.com/?ctiid.274874	Permissions Required VDB Entry
https://vuldb.com/?id.274874	Third Party Advisory VDB Entry
https://vuldb.com/?submit.387132	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:limesurvey:limesurvey:6.3.0:231016:*:*:*:*:*:*

History

30 Jan 2026, 20:51

Type	Values Removed	Values Added
First Time		Limesurvey limesurvey Limesurvey
CPE		cpe:2.3:a:limesurvey:limesurvey:6.3.0:231016::::::
References	~~() https://github.com/Hebing123/cve/issues/67 -~~	() https://github.com/Hebing123/cve/issues/67 - Exploit, Issue Tracking, Third Party Advisory
References	~~() https://vuldb.com/?ctiid.274874 -~~	() https://vuldb.com/?ctiid.274874 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.274874 -~~	() https://vuldb.com/?id.274874 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.387132 -~~	() https://vuldb.com/?submit.387132 - Third Party Advisory, VDB Entry

19 Aug 2024, 12:59

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-17 09:15

Updated : 2026-01-30 20:51

NVD link : CVE-2024-7887

Mitre link : CVE-2024-7887

CVE.ORG link : CVE-2024-7887

JSON object : View

Products Affected

limesurvey

CWE

CWE-404

Improper Resource Shutdown or Release

{"id": "CVE-2024-7887", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:M/C:N/I:N/A:P", "authentication": "MULTIPLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-08-17T09:15:12.040", "references": [{"url": "https://github.com/Hebing123/cve/issues/67", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://vuldb.com/?ctiid.274874", "tags": ["Permissions Required", "VDB Entry"], "source": "[email protected]"}, {"url": "https://vuldb.com/?id.274874", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.387132", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-404"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in LimeSurvey 6.3.0-231016 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php of the component File Upload. The manipulation of the argument size leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en LimeSurvey 6.3.0-231016 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /index.php del componente File Upload es afectada por esta vulnerabilidad. La manipulaci\u00f3n del tama\u00f1o del argumento conduce a la denegaci\u00f3n de servicio. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "lastModified": "2026-01-30T20:51:22.553", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:limesurvey:limesurvey:6.3.0:231016:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04395471-4D77-48F6-A915-D9EA1BB97190"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}