Vulnerabilities > CVE-2006-4653 - Authentication Bypass vulnerability in Amazing Little Picture Poll Admin Login Page

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

amazing-little-picture-poll

amazing-little-poll

NVD

Published: 2006-09-09

Updated: 2018-10-17

Summary

(1) Amazing Little Poll and (2) Amazing Little Picture Poll store sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password via a direct request for the lp_settings file (lp_settings.inc or lp_settings.php).

Vulnerable Configurations

Part	Description	Count
Application	Amazing_Little_Picture_Poll Amazing Little Picture Poll Amazing Little Picture Poll *	1
Application	Amazing_Little_Poll Amazing Little Poll Amazing Little Poll *	1

References

http://secunia.com/advisories/21997
http://securityreason.com/securityalert/1527
http://www.securityfocus.com/archive/1/445081/100/0/threaded
http://www.securityfocus.com/bid/19837
http://www.vupen.com/english/advisories/2006/3687
https://exchange.xforce.ibmcloud.com/vulnerabilities/28737