Description

In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file.

Remediation

References

CVE-2018-16397

Related Vulnerabilities

WordPress Plugin Site Import Remote File Inclusion (1.0.1)
WordPress Plugin WP-HR Manager: The Human Resources Unspecified Vulnerability (2.9.4)
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-1381)
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37065)
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16683)

Severity

Medium

Classification

CVE-2018-16397
CWE-434
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update
Known Vulnerabilities