ID CVE-2003-1179
Summary Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the include_path parameter in (1) booth.php, (2) png.php, (3) poll_ssi.php, or (4) popup.php, the (5) base_path parameter to common.inc.php.
References
Vulnerable Configurations
  • cpe:2.3:a:advanced_poll:advanced_poll:2.0.0
    cpe:2.3:a:advanced_poll:advanced_poll:2.0.0
  • cpe:2.3:a:advanced_poll:advanced_poll:2.0.1
    cpe:2.3:a:advanced_poll:advanced_poll:2.0.1
  • cpe:2.3:a:advanced_poll:advanced_poll:2.0.2
    cpe:2.3:a:advanced_poll:advanced_poll:2.0.2
CVSS
Base: 7.5 (as of 22-05-2005 - 15:25)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
description Advanced Poll 2.0.2 Common.Inc.PHP Remote File Include Vulnerability. CVE-2003-1179. Webapps exploit for php platform
id EDB-ID:28253
last seen 2016-02-03
modified 2006-07-21
published 2006-07-21
reporter Solpot
source https://www.exploit-db.com/download/28253/
title Advanced Poll 2.0.2 Common.Inc.PHP Remote File Include Vulnerability
refmap via4
bid
  • 19105
  • 8890
bugtraq
  • 20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo
  • 20060721 SolpotCrew Advisory #2 - Advanced Poll ver 2.02 (base_path) Remote File Inclusion
misc
osvdb
  • 28988
  • 3291
secunia 10068
xf advancedpoll-php-file-include(13514)
Last major update 05-09-2008 - 16:36
Published 31-12-2003 - 00:00
Last modified 19-10-2018 - 11:29
Back to Top