Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1099

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2011-1099
Last Modified 21 Sep 2011 11:29:33
Published 09 Mar 2011 06:00:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1099

Summary

Multiple directory traversal vulnerabilities in FocalMedia.Net Quick Polls before 1.0.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the p parameter in a preview action to index.php, or (2) delete arbitrary files via a .. (dot dot) in the p parameter in a delete action to index.php.

Vulnerable Systems

Application

  • Focalmedia.net Quick Polls 1.0.1


References

XF - quickpoll-index-directory-traversal(65947)

MISC - http://www.uncompiled.com/2011/03/quick-polls-local-file-inclusion-deletion-vulnerabilities-cve-2011-1099/

BID - 46770

BUGTRAQ - 20110306 'Quick Polls' Local File Inclusion & Deletion Vulnerabilities (CVE-2011-1099)

EXPLOIT-DB - 16933

SREASON - 8121

SECUNIA - 43599

OSVDB - 71028


Last Updated: 27 May 2016 10:56:09