ID CVE-2006-4653
Summary (1) Amazing Little Poll and (2) Amazing Little Picture Poll store sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password via a direct request for the lp_settings file (lp_settings.inc or lp_settings.php).
References
Vulnerable Configurations
  • cpe:2.3:a:amazing_little_picture_poll:amazing_little_picture_poll:*:*:*:*:*:*:*:*
    cpe:2.3:a:amazing_little_picture_poll:amazing_little_picture_poll:*:*:*:*:*:*:*:*
  • cpe:2.3:a:amazing_little_poll:amazing_little_poll:*:*:*:*:*:*:*:*
    cpe:2.3:a:amazing_little_poll:amazing_little_poll:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 17-10-2018 - 21:38)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 19837
bugtraq 20060904 The Amazing Little Poll Admin Pwd
secunia 21997
sreason 1527
vupen ADV-2006-3687
xf alpoll-admin-auth-bypass(28737)
Last major update 17-10-2018 - 21:38
Published 09-09-2006 - 00:04
Back to Top