Vulnerabilities > CVE-2003-1180 - Unspecified vulnerability in Advanced Poll Advanced Poll 2.0.0/2.0.1/2.0.2
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote attackers to read arbitrary files or inject arbitrary local PHP files via .. sequences in the base_path or pollvars[lang] parameters to the admin files (1) index.php, (2) admin_tpl_new.php, (3) admin_tpl_misc_new.php, (4) admin_templates_misc.php, (5) admin_templates.php, (6) admin_stats.php, (7) admin_settings.php, (8) admin_preview.php, (9) admin_password.php, (10) admin_logout.php, (11) admin_license.php, (12) admin_help.php, (13) admin_embed.php, (14) admin_edit.php, or (15) admin_comment.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
References
- http://secunia.com/advisories/10068
- http://secunia.com/advisories/10068
- http://www.osvdb.org/3291
- http://www.osvdb.org/3291
- http://www.securityfocus.com/archive/1/342493
- http://www.securityfocus.com/archive/1/342493
- http://www.securityfocus.com/bid/8890
- http://www.securityfocus.com/bid/8890
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13514
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13514