Description
LimeSurvey 1.90+ build9642-20101214 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/statistics.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Store Locator for WordPress with Google Maps-LotsOfLocales SQL Injection (3.11)
WordPress Plugin WP Cost Estimation & Payment Forms Builder Directory Traversal (9.659)
MySQL CVE-2022-39402 Vulnerability (CVE-2022-39402)
MySQL CVE-2023-22095 Vulnerability (CVE-2023-22095)
WordPress Plugin Auto Post to Social Media-WordPress to Buffer Cross-Site Scripting (3.7.4)