Description

PHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.

Remediation

References

CVE-2007-5573

Related Vulnerabilities

MediaWiki Other Vulnerability (CVE-2005-1245)

PHP Integer Overflow or Wraparound Vulnerability (CVE-2019-11048)

Opencart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-1610)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2018-14720)

Oracle Application Server Other Vulnerability (CVE-2006-5358)

Severity

Medium

Classification

CVE-2007-5573 CWE-94

Tags

Missing Update Known Vulnerabilities