Published: 04/05/2010 Updated: 17/08/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced Poll) Script allow remote malicious users to execute arbitrary SQL commands via (1) the password field to login.php, (2) the login field (aka email parameter) to login.php, (3) the password field (aka pass parameter) to the default URI under admin/, and possibly (4) the login field to the default URI under admin/. NOTE: some of these details are obtained from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
2daybiz polls script

______________________________________________________________________________ XSS and Authentication bypass in Advanced Poll Script Vendor:www2daybizcom/ ___________________________Author:Sid3^effects_________________________________ Description : Advanced Poll is a ...

CWE-89 http://www.exploit-db.com/exploits/12395 http://secunia.com/advisories/39622 http://packetstormsecurity.org/1004-exploits/aps-sqlxss.txt http://www.securityfocus.com/bid/39745 https://exchange.xforce.ibmcloud.com/vulnerabilities/58189 https://exchange.xforce.ibmcloud.com/vulnerabilities/58127 https://nvd.nist.gov https://www.exploit-db.com/exploits/12395/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-1704

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect