Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in LimeSurvey aka PHPSurveyor 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to 1 OLE/PPS/File.php, 2 OLE/PPS/Root.php, 3 Spreadsheet/Excel/Writer.php, or 4 OLE/PPS.php in admin/classes/pear/; or 5...