← back
CVE-2019-9960

CVE-2019-9960

EPSS 13.4%
Vexday Risk Score
23Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 13.4%KEV nãoPoC Nuclei Metasploit simPatch
Lifecycle
24 Mar 2019Published on NVD
02 Apr 2020Metasploit module available
Weaponization speed
375 daysto Metasploit module
Recommendation: Plan a near-term fix — a public PoC already exists.
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.
Affected products
n/a · n/a