LimeSurvey Information Disclosure Vulnerability Network Vulnerability

Summary

This host is running LimeSurvey and is prone to Information Disclosure vulnerability.

Impact

Successful exploitation will let the attacker gain sensitive information by executing arbitrary commands inside the context of the affected web application. Impact Level: Application

Solution

Upgrade to LimeSurvey version 1.82 or later http://www.limesurvey.org/content/view/22/82/lang,en

Insight

Error in a script in '/admin/remotecontrol/' and can be exploited to view and manipulate files, which may allow the execution of e.g. arbitrary PHP code.

Affected

LimeSurvey version prior to 1.82

References

http://secunia.com/advisories/34946
http://www.limesurvey.org/content/view/169/1/lang
http://www.vupen.com/english/advisories/2009/1219

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1604

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
ApPHP MicroBlog Remote Code Execution Vulnerability
ArticleFR CMS Multiple Vulnerabilities - Jan15
appRain CMF SQL Injection And Cross Site Scripting Vulnerabilities
AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities

Take action and discover your vulnerabilities