Published: 10/07/2007 Updated: 29/09/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote malicious users to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php in admin/classes/pear/; or (5) Worksheet.php, (6) Parser.php, (7) Workbook.php, (8) Format.php, or (9) BIFFwriter.php in admin/classes/pear/Spreadsheet/Excel/Writer/.

Vulnerable Product	Search on Vulmon	Subscribe to Product
limesurvey limesurvey 1.49_rc2

## Owner : Pr0T3cT10n ## Email : Pr0T3cT10n@GmailCom ## Homepage : wwwkamikaz-teamcom ## Script site : wwwlimesurveyorg ## Script name : LimeSurvey (PHPSurveyor) ## Version : 149RC2 ## Type : RFI(Remote File Include) ## Source : sourceforgenet/project/showfilesphp?group_id=74605 ## D0rk : "You have not provided a survey identificatio ...

NVD-CWE-Other http://www.vupen.com/english/advisories/2007/2459 http://osvdb.org/45796 http://osvdb.org/45797 http://osvdb.org/45798 http://osvdb.org/45799 http://osvdb.org/45791 http://osvdb.org/45792 http://osvdb.org/45793 http://osvdb.org/45794 http://osvdb.org/45795 https://exchange.xforce.ibmcloud.com/vulnerabilities/35284 https://www.exploit-db.com/exploits/4156 https://nvd.nist.gov https://www.exploit-db.com/exploits/4156/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-3632

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect