WordPress · Action Network Plugin · CVE-2024-2954
**Name of the Vulnerable Software and Affected Versions**
Action Network plugin for WordPress version 1.4.3
**Description**
The issue arises from insufficient escaping of the user-supplied `bulk-action` parameter and insufficient preparation of the existing SQL query, allowing authenticated attackers with administrator-level access or above to append additional SQL queries to the existing ones. This can be used to extract sensitive information from the database.
**Recommendations**
For version 1.4.3, consider disabling the `bulk-action` parameter until a patch is available, to prevent potential SQL injection attacks. Restrict access to the database to minimize the risk of exploitation. At the time of writing, there is no information about a newer version that contains a fix for this vulnerability.
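The Description and Recommendations above describe the bug class but not the plugin's code. The following is an added illustration, not code from the Action Network plugin: a hypothetical WordPress bulk-action handler that concatenates `$_REQUEST['bulk-action']` into a `$wpdb` query, beside a hardened version that checks capability and nonce, restricts the action to an allowlist, and binds every value with `$wpdb->prepare()`. The table name, column name, action set and nonce name are assumptions.

```php
<?php
// Added example, not code from the Action Network plugin. The table
// ({$wpdb->prefix}an_items), the status column, the action names and the
// nonce action 'an_bulk_action' are all assumptions for illustration.

// VULNERABLE PATTERN: request values are concatenated straight into SQL.
// Nothing is escaped and no prepared statement is used, so whatever
// arrives in bulk-action becomes part of the query text.
function an_bulk_action_vulnerable() {
    global $wpdb;
    $action = $_REQUEST['bulk-action'];                  // raw user input
    $ids    = implode( ',', (array) $_REQUEST['ids'] );  // raw user input
    $wpdb->query(
        "UPDATE {$wpdb->prefix}an_items SET status = '$action' WHERE id IN ($ids)"
    );
}

// HARDENED PATTERN: authorise, allowlist the action, bind the values.
function an_bulk_action_hardened() {
    global $wpdb;

    // 1. Authorisation and CSRF protection for an admin-only action.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    check_admin_referer( 'an_bulk_action' ); // nonce name is an assumption

    // 2. Allowlist the action rather than escaping an arbitrary string.
    $allowed = array( 'publish', 'archive', 'delete' ); // assumed action set
    $action  = isset( $_REQUEST['bulk-action'] )
        ? sanitize_key( wp_unslash( $_REQUEST['bulk-action'] ) )
        : '';
    if ( ! in_array( $action, $allowed, true ) ) {
        wp_die( 'Unknown bulk action.' );
    }

    // 3. Coerce IDs to non-negative integers and drop zeros/empties.
    $ids = array_filter( array_map( 'absint', (array) ( $_REQUEST['ids'] ?? array() ) ) );
    if ( empty( $ids ) ) {
        return 0;
    }

    // 4. One %d placeholder per ID; %s for the status; prepare() quotes
    //    and escapes every bound value, so no input reaches the SQL text.
    $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
    $sql = $wpdb->prepare(
        "UPDATE {$wpdb->prefix}an_items SET status = %s WHERE id IN ($placeholders)",
        array_merge( array( $action ), array_values( $ids ) )
    );
    return $wpdb->query( $sql ); // number of affected rows, or false
}
```

The allowlist check in step 2 is what makes the `bulk-action` value safe regardless of escaping, and it is the cheapest change to apply if disabling the parameter outright is not practical.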