Published: 18/04/2007 Updated: 16/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple PHP remote file inclusion vulnerabilities in Robert Ladstaetter ActionPoll 1.1.0, and possibly 1.1.1, allow remote malicious users to execute arbitrary PHP code via a URL in (1) the CONFIG_POLLDB parameter to actionpoll.php or (2) the CONFIG_DB parameter to db/DataReaderWriter.php, different vectors than CVE-2001-1297.

Vulnerable Product	Search on Vulmon	Subscribe to Product
actionpoll actionpoll 1.1.0
actionpoll actionpoll 1.1.1

source: wwwsecurityfocuscom/bid/23504/info Actionpoll is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible This issue affects Actionpoll 110; ot ...

source: wwwsecurityfocuscom/bid/20788/info Actionpoll is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver proces ...

NVD-CWE-Other http://www.securityfocus.com/bid/20788 http://www.securityfocus.com/bid/23504 http://securityreason.com/securityalert/2587 https://exchange.xforce.ibmcloud.com/vulnerabilities/33691 http://www.securityfocus.com/archive/1/465871/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/29863/

CVE-2007-2064

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect