First published: Mon Sep 03 2018
In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file,
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Limesurvey Limesurvey | <3.14.7 | |
The vulnerability ID is CVE-2018-16397.
The severity of CVE-2018-16397 is medium.
An admin user can exploit CVE-2018-16397 by leveraging a file upload question to read an arbitrary file.
LimeSurvey versions up to, but not including, 3.14.7 are affected by CVE-2018-16397.
You can find more information about CVE-2018-16397 at the following link: [github.com/LimeSurvey/LimeSurvey/blob/3be9b41e76826b57f5860d18d93b23f47d59d2e4/docs/release_notes.txt#L51](github.com/LimeSurvey/LimeSurvey/blob/3be9b41e76826b57f5860d18d93b23f47d59d2e4/docs/release_notes.txt#L51)