CVE-2006-4653 - (1) Amazing Little Poll and (2) Amazing Little Picture Poll store sensitive information under the we

CVE-2006-4653

Summary

(1) Amazing Little Poll and (2) Amazing Little Picture Poll store sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password via a direct request for the lp_settings file (lp_settings.inc or lp_settings.php).

References

Vulnerable Configurations

cpe:2.3:a:amazing_little_picture_poll:amazing_little_picture_poll:*:*:*:*:*:*:*:*
cpe:2.3:a:amazing_little_picture_poll:amazing_little_picture_poll:*:*:*:*:*:*:*:*
cpe:2.3:a:amazing_little_poll:amazing_little_poll:*:*:*:*:*:*:*:*
cpe:2.3:a:amazing_little_poll:amazing_little_poll:*:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 17-10-2018 - 21:38)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	19837
bugtraq	20060904 The Amazing Little Poll Admin Pwd
secunia	21997
sreason	1527
vupen	ADV-2006-3687
xf	alpoll-admin-auth-bypass(28737)

Last major update

17-10-2018 - 21:38

Published

09-09-2006 - 00:04

Last modified

17-10-2018 - 21:38