Description
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2020-2830 Vulnerability (CVE-2020-2830)
WordPress Plugin Easy SVG Support Cross-Site Scripting (3.2.0)
WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads Unspecified Vulnerability (2.6.21)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5473)