A path disclosure vulnerability was found in Limesurvey before 3.17.14 that allows a remote attacker to discover the path to the application in the filesystem.
https://www.limesurvey.org/limesurvey-updates/2188-limesurvey-3-17-14-build-190902-released