CVE-2025-34120P2HIGHCVSS 8.7PoC≥ 2.0+, ≤ 2.06+ Build 1510142025-07-16
CVE-2025-34120 [HIGH] CWE-22 CVE-2025-34120: An unauthenticated file download vulnerability exists in LimeSurvey versions from 2.0+ up to and inc
An unauthenticated file download vulnerability exists in LimeSurvey versions from 2.0+ up to and including 2.06+ Build 151014. The application fails to validate serialized input to the admin backup endpoint (`index.php/admin/update/sa/backup`), allowing attackers to specify arbitrary file paths using a crafted `datasupdateinfo` payload. The files are p
nvd