CVE-2007-3632
published 2007-07-10


Priority: P3 (53), medium
CVSS 2.0 base score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Tags: EXPLOIT
EPSS: 61.51% (99.1th percentile)
Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php in admin/classes/pear/; or (5) Worksheet.php, (6) Parser.php, (7) Workbook.php, (8) Format.php, or (9) BIFFwriter.php in admin/classes/pear/Spreadsheet/Excel/Writer/.

Affected

1 range

Vendor: limesurvey
Product: limesurvey
Version range: (not given)
Fixed in: (not given)

Detection & IOCs (extracted from sources)

path: /admin/classes/pear/OLE/PPS/File.php
path: /admin/classes/pear/OLE/PPS/Root.php
path: /admin/classes/pear/Spreadsheet/Excel/Writer.php
path: /admin/classes/pear/OLE/PPS.php
path: /admin/classes/pear/Spreadsheet/Excel/Writer/Worksheet.php
path: /admin/classes/pear/Spreadsheet/Excel/Writer/Parser.php
path: /admin/classes/pear/Spreadsheet/Excel/Writer/Workbook.php
path: /admin/classes/pear/Spreadsheet/Excel/Writer/Format.php
path: /admin/classes/pear/Spreadsheet/Excel/Writer/BIFFwriter.php
  • Detect RFI exploitation attempts by monitoring HTTP requests to the vulnerable PHP files whose 'homedir' GET parameter carries a URL-like value (for example a scheme such as http:// or ftp:// pointing at an external host).
  • Use the Google dork to identify exposed LimeSurvey 1.49RC2 instances that may be targeted.
  • All nine vulnerable files share the same attack vector: the 'homedir' parameter is passed unsanitized to a file include, so one detection rule covers every path under admin/classes/pear/.
  • This CVE affects only LimeSurvey (PHPSurveyor) version 1.49RC2; other versions are not confirmed affected.