Description

PHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.

Remediation

References

CVE-2007-5573

Related Vulnerabilities

Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17571)

Ruby on Rails Improper Input Validation Vulnerability (CVE-2010-3933)

WordPress Plugin YouSayToo auto-publishing 'submit' Parameter Cross-Site Scripting (1.0.1)

WordPress Plugin WP Customer Area Cross-Site Scripting (7.4.2)

WordPress Plugin Age Verification 'redirect_to' Parameter URI Redirection (0.4)

Severity

Medium

Classification

CVE-2007-5573 CWE-94

Tags

Missing Update Known Vulnerabilities