Description
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.
Remediation
References
Related Vulnerabilities
PHP Other Vulnerability (CVE-2006-1608)
WordPress Plugin UserPro-Community and User Profile Multiple Vulnerabilities (5.1.4)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2016-7065)
MySQL CVE-2016-0659 Vulnerability (CVE-2016-0659)
WordPress Plugin Google Sitemap by BestWebSoft Cross-Site Scripting (3.0.7)