Vulnerabilities > CVE-2006-2235 - Authentication Bypass vulnerability in Codemunkyx Simple Poll 1.0

CVSS 7.6 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

high complexity

codemunkyx

NVD

Published: 2006-05-05

Updated: 2018-10-18

Summary

CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is not required for the admin directory, allows remote attackers to gain administrative privileges by appending /admin/ to the top-level URI of the application. This vulnerability can only be exploited when authentication is not required for the admin directory.

Vulnerable Configurations

Part	Description	Count
Application	Codemunkyx Codemunkyx Simple Poll 1.0	1

References

http://www.free-php.net/scripts/zip/5.zip
http://www.securityfocus.com/archive/1/432577/100/0/threaded
http://www.securityfocus.com/bid/17771