Lucene search

PRIOn knowledge basePRION:CVE-2007-3632

HistoryJul 10, 2007 - 12:30 a.m.

Remote file inclusion

2007-07-1000:30:00

PRIOn knowledge base

www.prio-n.com

8.1 High

AI Score

Confidence

Low

0.519 Medium

EPSS

Percentile

97.6%

JSON

Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php in admin/classes/pear/; or (5) Worksheet.php, (6) Parser.php, (7) Workbook.php, (8) Format.php, or (9) BIFFwriter.php in admin/classes/pear/Spreadsheet/Excel/Writer/.

CPENameOperatorVersion
limesurveyeq1.49.0-rc2

CPE	Name	Operator	Version
	limesurvey	eq	1.49.0-rc2

References

osvdb.org/45791

osvdb.org/45792

osvdb.org/45793

osvdb.org/45794

osvdb.org/45795

osvdb.org/45796

osvdb.org/45797

osvdb.org/45798

osvdb.org/45799

www.vupen.com/english/advisories/2007/2459

exchange.xforce.ibmcloud.com/vulnerabilities/35284

www.exploit-db.com/exploits/4156