Description

PHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.

Remediation

References

CVE-2007-5573

Related Vulnerabilities

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-7491)

WordPress Plugin Quick Cache (Speed Without Compromise) Unspecified Vulnerability (140725)

WordPress Plugin Autoptimize Multiple Vulnerabilities (2.1.0)

WordPress Plugin Migration, Backup, Staging-WPvivid Directory Traversal (0.9.75)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-7996)

Severity

Medium

Classification

CVE-2007-5573 CWE-94

Tags

Missing Update Known Vulnerabilities