Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1179

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-1179
Last Modified 05 Sep 2008 04:36:15
Published 31 Dec 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-1179

Summary

Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the include_path parameter in (1) booth.php, (2) png.php, (3) poll_ssi.php, or (4) popup.php, the (5) base_path parameter to common.inc.php.

Vulnerable Systems

Application

  • Advanced Poll 2.0.0

  • Advanced Poll 2.0.1

  • Advanced Poll 2.0.2


References

SECUNIA - 10068

XF - advancedpoll-php-file-include(13514)

MISC - http://www.solpotcrew.org/adv/solpot-adv-02.txt

BID - 8890

BID - 19105

BUGTRAQ - 20060721 SolpotCrew Advisory #2 - Advanced Poll ver 2.02 (base_path) Remote File Inclusion

BUGTRAQ - 20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo

MISC - http://www.phpsecure.info/v2/tutos/frog/AdvancedPoll2.0.2.txt

OSVDB - 3291

OSVDB - 28988


Last Updated: 27 May 2016 10:38:16