Description

PHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.

Remediation

References

CVE-2007-5573

Related Vulnerabilities

MySQL CVE-2022-21595 Vulnerability (CVE-2022-21595)

WordPress Plugin WP Visitor Statistics (Real Time Traffic) Unspecified Vulnerability (4.8)

WordPress Plugin is_human() 'type' Parameter Remote Command Injection (1.4.2)

Python Integer Overflow or Wraparound Vulnerability (CVE-2018-20406)

PHP Other Vulnerability (CVE-2015-8866)

Severity

Medium

Classification

CVE-2007-5573 CWE-94

Tags

Missing Update Known Vulnerabilities