Description

The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.

Remediation

References

CVE-2019-9960

Related Vulnerabilities

WordPress Plugin Export any WordPress data to XML/CSV Arbitrary File Upload (0.9)

PHP Improper Input Validation Vulnerability (CVE-2011-1470)

Oracle JRE Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-1493)

WordPress Plugin Events Manager Extended 'admin.php' SQL Injection (3.1.2)

Drupal Core 9.0.0 Cross-Site Request Forgery (9.0.0)

Severity

Critical

Classification

CVE-2019-9960 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities