An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows malicious users to execute arbitrary code via a crafted PHP file.
limesurvey limesurvey 5.4.15