Advanced Poll

Advanced Poll

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2007-0845

Exploit
  • EPSS 6.15%
  • Veröffentlicht 08.02.2007 18:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote attackers to bypass authentication and gain administrator privileges by obtaining a valid session identifier and setting the uid parameter to 1.

5.1

CVE-2006-2130

  • EPSS 0.62%
  • Veröffentlicht 01.05.2006 23:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in include/class_poll.php in Advanced Poll 2.0.4 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.

5

CVE-2006-2131

  • EPSS 0.64%
  • Veröffentlicht 01.05.2006 23:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

include/class_poll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDED_FOR (X-Forwarded-For HTTP header) to identify the IP address of a client, which makes it easier for remote attackers to spoof the source IP and bypass voting restrictions.

7.5

CVE-2006-1616

Exploit
  • EPSS 0.52%
  • Veröffentlicht 05.04.2006 10:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to comments.php or (2) poll_id parameter to page.php.

4.3

CVE-2006-1617

Exploit
  • EPSS 0.35%
  • Veröffentlicht 05.04.2006 10:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll 2.02 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. NOTE: it is possible that this iss...

4.3

CVE-2005-3742

Exploit
  • EPSS 0.51%
  • Veröffentlicht 22.11.2005 11:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the poll_ident parameter.

7.5

CVE-2003-1178

Exploit
  • EPSS 1.5%
  • Veröffentlicht 31.12.2003 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 allows remote attackers to execute arbitrary PHP code via the (1) id, (2) template_set, or (3) action parameter.

7.5

CVE-2003-1179

Exploit
  • EPSS 8.31%
  • Veröffentlicht 31.12.2003 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the include_path parameter in (1) booth.php, (2) png.php, (3) poll_ssi.php, or (4) popup.php, the (5) base_path paramet...

7.5

CVE-2003-1180

  • EPSS 1.17%
  • Veröffentlicht 31.12.2003 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote attackers to read arbitrary files or inject arbitrary local PHP files via .. sequences in the base_path or pollvars[lang] parameters to the admin files (1) index.php, (2) admin_tp...

5

CVE-2003-1181

Exploit
  • EPSS 7.54%
  • Veröffentlicht 25.10.2003 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Advanced Poll 2.0.2 allows remote attackers to obtain sensitive information via an HTTP request to info.php, which invokes the phpinfo() function.