Today we found out about an Remote File Include hack for the actual LimeSurvey version (which only works if your register_globals PHP setting is set to ON). As always we created a patched LimeSurvey version within a few hours which is now available . We strongly advise to update to this latest 1.52plus version! Fast fix: Replace the language.php with the new language.php from the download package. Still we recommended to do a full upgrade to take advantage of all the latest fixes.