Description In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file, Remediation References CVE-2018-16397 Related Vulnerabilities Apache HTTP Server Other Vulnerability (CVE-2000-0869) Oracle Database Server CVE-2014-2478 Vulnerability (CVE-2014-2478) WordPress Plugin NotificationX-WooCommerce Sales Notification Popup, Custom & Live Sales Notification, FOMO, Social Proof, Announcement Banner & Sticky Notification Bar SQL Injection (2.3.11) Joomla! Core Multiple SQL Injection Vulnerabilities (2.5.0 - 3.9.13) Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-3171) Severity Medium Classification CVE-2018-16397 CWE-434 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Tags Missing Update Known Vulnerabilities