Description

PHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.

Remediation

References

CVE-2007-5573

Related Vulnerabilities

PHP Out-of-bounds Read Vulnerability (CVE-2018-20783)

WordPress 4.5.x PHP Object Injection (4.5 - 4.5.23)

Apache Tomcat Improper Input Validation Vulnerability (CVE-2016-3092)

MySQL Other Vulnerability (CVE-2005-2558)

WordPress Plugin BuddyPress Edit Activity Cross-Site Scripting (1.0.5)

Severity

Medium

Classification

CVE-2007-5573 CWE-94

Tags

Missing Update Known Vulnerabilities