EIP-2026-109140

PRE-CVE

LimeSurvey 1.92+ build120620 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109140. PoCs published by dun.

AI-analyzed exploit summary: This exploit demonstrates two vulnerabilities in LimeSurvey 1.92+ build 120620: a Remote File Inclusion (RFI) via the `rootdir` parameter in `replacements.php` and a Directory Traversal via the `sFullFilepath` parameter in `importsurvey.php`. Both require specific PHP configurations (`allow_url_include` and `register_globals` for RFI, `display_errors` and `register_globals` for traversal).

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by dun · text · webapps · php
https://www.exploit-db.com/exploits/19330

Classification: Working PoC 90%
Attack Type: RCE | Info Leak
Complexity: Trivial
Reliability: Reliable
Target: LimeSurvey 1.92+ build 120620
No auth needed
Prerequisites:
- PHP `allow_url_include` enabled for RFI
- PHP `register_globals` enabled for both vulnerabilities
- PHP `display_errors` enabled for Directory Traversal
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026