Exploits / Vulnerability Discovered : 2020-04-06 |
Type : webapps |
Platform : php
This exploit / vulnerability Limesurvey 4.1.11 file manager path traversal is for educational purposes only and if it is used you will do on your own risk!
# Vulnerability Details
# Description : A path traversal vulnerability exists within the "File Manager" functionality of LimeSurvey
# that allows an attacker to download arbitrary files. The file manager functionality will also
# delete the file after it is downloaded (if the web service account has permissions to do so),
# allowing an attacker to cause a denial of service by specifying a critical LimeSurvey configuration file.
Vulnerable Parameter : "path"