CVE-2026-50636: Limesurvey Path Traversal From Extension Name

Concatenating an unvalidated configuration name to a file path allows path traversal and arbitrary file creation/write.

Provally CuratedPublic repositoryHighMedium confidenceVerifiedApache-2.0

PHP^β

greprules fetch cve-2026-50636-limesurvey-path-traversal-from-extension-name --engine opengrep

Description

Concatenating an unvalidated configuration name to a file path allows path traversal and arbitrary file creation/write.

License: Apache-2.0
Source context: Public repository
Source: Provally CVE rule catalog
Validation status: Verified
Quality signals: 147 downloads
2 direct145 via packs
· 0 stars · Quality score 77How quality works
Included packs: 2 packs

0 signals from signed-in users.