Description
PHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.
Remediation
References
Related Vulnerabilities
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-7491)
WordPress Plugin Quick Cache (Speed Without Compromise) Unspecified Vulnerability (140725)
WordPress Plugin Autoptimize Multiple Vulnerabilities (2.1.0)
WordPress Plugin Migration, Backup, Staging-WPvivid Directory Traversal (0.9.75)