Description

In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file,

Remediation

References

CVE-2018-16397

Related Vulnerabilities

Moodle Other Vulnerability (CVE-2004-1711)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2531)

WordPress Plugin Booster for WooCommerce Multiple Cross-Site Scripting Vulnerabilities (5.4.8)

osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1317)

Artifactory Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-23163)

Severity

Medium

Classification

CVE-2018-16397 CWE-434 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities