Vulnerabilities > CVE-2007-3632 - Remote Security vulnerability in Limesurvey 1.49Rc2

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

limesurvey

exploit available

NVD

Published: 2007-07-10

Updated: 2017-09-29

Summary

Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php in admin/classes/pear/; or (5) Worksheet.php, (6) Parser.php, (7) Workbook.php, (8) Format.php, or (9) BIFFwriter.php in admin/classes/pear/Spreadsheet/Excel/Writer/.

Vulnerable Configurations

Part	Description	Count
Application	Limesurvey Limesurvey Limesurvey 1.49_Rc2	1

Exploit-Db

description	LimeSurvey (PHPSurveyor) 1.49RC2 Remote File Inclusion Vulnerability. CVE-2007-3632. Webapps exploit for php platform
file	exploits/php/webapps/4156.txt
id	EDB-ID:4156
last seen	2016-01-31
modified	2007-07-06
platform	php
port
published	2007-07-06
reporter	Yakir Wizman
source	https://www.exploit-db.com/download/4156/
title	limesurvey phpsurveyor 1.49rc2 - Remote File Inclusion Vulnerability
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References