| An unauthenticated file download vulnerability exists in LimeSurvey versions from 2.0 up to and including 2.06 Build 151014. The application fails to validate serialized input to the admin backup endpoint `index.php/admin/update/sa/backup`, allowing attackers to specify arbitrary file paths using a crafted `datasupdateinfo` payload. The files are packaged in a ZIP archive and made available for download without authentication. This vulnerability can be exploited to read arbitrary files on the host system, including sensitive OS and configuration files. |