Description

The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.

Remediation

References

CVE-2019-9960

Related Vulnerabilities

PHP Other Vulnerability (CVE-2006-1608)

WordPress Plugin UserPro-Community and User Profile Multiple Vulnerabilities (5.1.4)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2016-7065)

MySQL CVE-2016-0659 Vulnerability (CVE-2016-0659)

WordPress Plugin Google Sitemap by BestWebSoft Cross-Site Scripting (3.0.7)

Severity

Critical

Classification

CVE-2019-9960 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities