CVE-2003-1180 Information
Description
Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote attackers to read arbitrary files or inject arbitrary local PHP files via .. sequences in the base_path or pollvars[lang] parameters to the admin files (1) index.php (2) admin_tpl_new.php (3) admin_tpl_misc_new.php (4) admin_templates_misc.php (5) admin_templates.php (6) admin_stats.php (7) admin_settings.php (8) admin_preview.php (9) admin_password.php (10) admin_logout.php (11) admin_license.php (12) admin_help.php (13) admin_embed.php (14) admin_edit.php or (15) admin_comment.php.
Reference
http://secunia.com/advisories/10068 http://www.osvdb.org/3291 http://www.securityfocus.com/archive/1/342493 http://www.securityfocus.com/bid/8890 https://exchange.xforce.ibmcloud.com/vulnerabilities/13514
Share on: