Vulnerabilities > CVE-2007-2064 - Remote File Include vulnerability in Actionpoll 1.1.0/1.1.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple PHP remote file inclusion vulnerabilities in Robert Ladstaetter ActionPoll 1.1.0, and possibly 1.1.1, allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_POLLDB parameter to actionpoll.php or (2) the CONFIG_DB parameter to db/DataReaderWriter.php, different vectors than CVE-2001-1297.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description Actionpoll 1.1 Actionpoll.PHP Remote File Include Vulnerability. CVE-2007-2064. Webapps exploit for php platform id EDB-ID:29863 last seen 2016-02-03 modified 2007-04-16 published 2007-04-16 reporter SekoMirza source https://www.exploit-db.com/download/29863/ title Actionpoll 1.1 Actionpoll.PHP Remote File Include Vulnerability description Actionpoll 1.1.1 db/DataReaderWriter.php CONFIG_DB Parameter Remote File Inclusion. CVE-2007-2064 . Webapps exploit for php platform id EDB-ID:28871 last seen 2016-02-03 modified 2006-10-30 published 2006-10-30 reporter Cyber Security source https://www.exploit-db.com/download/28871/ title Actionpoll 1.1.1 db/DataReaderWriter.php CONFIG_DB Parameter Remote File Inclusion