Description

A path disclosure vulnerability was found in Limesurvey before 3.17.14 that allows a remote attacker to discover the path to the application in the filesystem.

Remediation

References

CVE-2019-16176

Related Vulnerabilities

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17302)

WordPress Plugin Multisite Global Search 'mssearch' Parameter Cross-Site Scripting (1.2.5)

WordPress Plugin WordPress Robots.txt optimization (+ XML Sitemap)-Website traffic, SEO & ranking Booster Security Bypass (1.4.3)

WordPress Plugin WP Rss Poster SQL Injection (1.0.0)

WordPress Plugin Gantry 4 Framework Cross-Site Scripting (4.1.5)

Severity

Medium

Classification

CVE-2019-16176 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities