CVE-2007-3632

Summary
Assigner: mitre
Assigner Org ID: 8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At: 10 Jul, 2007 | 00:00
Updated At: 07 Aug, 2024 | 14:21

Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php in admin/classes/pear/; or (5) Worksheet.php, (6) Parser.php, (7) Workbook.php, (8) Format.php, or (9) BIFFwriter.php in admin/classes/pear/Spreadsheet/Excel/Writer/.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)


Affected Products
Vendor: n/a
Product: n/a
Versions affected: n/a
Problem Types
Type: text
CWE ID: N/A
Description: n/a
References
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/35284
Resource: vdb-entry, x_refsource_XF
Hyperlink: http://osvdb.org/45799
Resource: vdb-entry, x_refsource_OSVDB
Hyperlink: http://osvdb.org/45793
Resource: vdb-entry, x_refsource_OSVDB
Hyperlink: http://osvdb.org/45795
Resource: vdb-entry, x_refsource_OSVDB
Hyperlink: http://osvdb.org/45791
Resource: vdb-entry, x_refsource_OSVDB
Hyperlink: http://osvdb.org/45792
Resource: vdb-entry, x_refsource_OSVDB
Hyperlink: http://osvdb.org/45796
Resource: vdb-entry, x_refsource_OSVDB
Hyperlink: https://www.exploit-db.com/exploits/4156
Resource: exploit, x_refsource_EXPLOIT-DB
Hyperlink: http://osvdb.org/45797
Resource: vdb-entry, x_refsource_OSVDB
Hyperlink: http://www.vupen.com/english/advisories/2007/2459
Resource: vdb-entry, x_refsource_VUPEN
Hyperlink: http://osvdb.org/45794
Resource: vdb-entry, x_refsource_OSVDB
Hyperlink: http://osvdb.org/45798
Resource: vdb-entry, x_refsource_OSVDB
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source: cve@mitre.org
Published At: 10 Jul, 2007 | 00:30
Updated At: 29 Sep, 2017 | 01:29


CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches

Vendor: limesurvey
Product: limesurvey
Version: 1.49_rc2
CPE: cpe:2.3:a:limesurvey:limesurvey:1.49_rc2:*:*:*:*:*:*:*
Weaknesses
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
References
Hyperlink: http://osvdb.org/45791
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/45792
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/45793
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/45794
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/45795
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/45796
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/45797
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/45798
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/45799
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2007/2459
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/35284
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/4156
Source: cve@mitre.org
Resource: N/A


Similar CVEs

3 records found

CVE-2019-16174
Matching Score: 8
Assigner: MITRE Corporation
CVSS Score: 8.8 (HIGH)
EPSS: 1.13% / 77.41%
7 Day CHG: ~0.00%
Published: 09 Sep, 2019 | 20:43
Updated: 05 Aug, 2024 | 01:10
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity.

Action: Not Available
Vendor: limesurvey, n/a
Product: limesurvey, n/a
CWE ID: CWE-611 (Improper Restriction of XML External Entity Reference)

CVE-2018-1000053
Matching Score: 8
Assigner: MITRE Corporation
CVSS Score: 8.8 (HIGH)
EPSS: 0.13% / 33.79%
7 Day CHG: -0.01%
Published: 09 Feb, 2018 | 23:00
Updated: 05 Aug, 2024 | 12:33
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Request Forgery (CSRF) vulnerability in Theme Uninstallation that can result in CSRF causing LimeSurvey admins to delete all their themes, rendering the website unusable. This attack appears to be exploitable via Simple HTML markup can be used to send a GET request to the affected endpoint.

Action: Not Available
Vendor: limesurvey, n/a
Product: limesurvey, n/a
CWE ID: CWE-352 (Cross-Site Request Forgery (CSRF))

CVE-2007-5573
Matching Score: 8
Assigner: MITRE Corporation
CVSS Score: 6.8 (MEDIUM)
EPSS: 1.50% / 80.40%
7 Day CHG: ~0.00%
Published: 18 Oct, 2007 | 21:00
Updated: 07 Aug, 2024 | 15:39
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

PHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.

Action: Not Available
Vendor: limesurvey, n/a
Product: limesurvey, n/a
CWE ID: CWE-94 (Improper Control of Generation of Code ('Code Injection'))