CVE-2019-9960
Published: 2019-03-24

Priority: P2 (61) · Severity: critical, 9.8 (CVSS 3.0)

Exploit likelihood (EPSS): 13.37%, 95.9th percentile
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| limesurvey | limesurvey | <= 3.16.1+190225 | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP requests targeting the downloadZip/szip functionality in LimeSurvey's export controller for path traversal sequences (e.g., '../') in parameters, indicating exploitation of CVE-2019-9960.
- Alert on authenticated POST/GET requests to application/controllers/admin/export.php containing relative path components, as this is the vulnerable endpoint for CVE-2019-9960.
- The Metasploit auxiliary module limesurvey_zip_traversals.rb can be used to verify exposure; detect its use by correlating scanner activity against LimeSurvey admin endpoints.
- Exploitation requires authentication; unauthenticated access to the vulnerable endpoint is not sufficient to trigger CVE-2019-9960.
- CVE-2019-9960 affects LimeSurvey versions up to and including 3.15.9 (and up to 3.16.1+190225 per NVD); distinguish it from CVE-2020-11455, which affects 4.0–4.1.11 and uses a different vulnerable function (getZipFile in filemanager).
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
No detection rules found.
No writeups or analysis indexed.