CVE 2019-16184

A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file.

See the CVE page on Mitre.org for more details.