This exploit demonstrates two vulnerabilities in LimeSurvey 1.92+ build 120620: a Remote File Inclusion (RFI) via the `rootdir` parameter in `replacements.php` and a Directory Traversal via the `sFullFilepath` parameter in `importsurvey.php`. Both require specific PHP configurations (`allow_url_include` and `register_globals` for RFI, `display_errors` and `register_globals` for traversal).
Classification
Working PoC 90%
Attack Type
RCE | Info Leak
Target:
LimeSurvey 1.92+ build 120620
No auth needed
Prerequisites:
PHP `allow_url_include` enabled for RFI · PHP `register_globals` enabled for both vulnerabilities · PHP `display_errors` enabled for Directory Traversal