Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-3312

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2009-3312
Last Modified 23 Sep 2009 12:00:00
Published 23 Sep 2009 08:08:35
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-3312

Summary

PHP remote file inclusion vulnerability in php/init.poll.php in phpPollScript 1.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a crafted URL in the include_class parameter.

Vulnerable Systems

Application

  • Tomex Phppollscript 1.3


References

XF - phppollscript-initpoll-file-include(53316)

VUPEN - ADV-2009-2686

MILW0RM - 9703

SECUNIA - 36730

OSVDB - 58181


Last Updated: 27 May 2016 10:51:12