PT-2003-2132 · Unknown · Advanced Poll

Published: 2003-12-31 · Updated: 2017-07-11 · CVE-2003-1180

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Advanced Poll version 2.0.2

Description

A directory traversal issue allows remote attackers to read arbitrary files or inject arbitrary local PHP files via .. sequences in the base_path or pollvars[lang] parameters to various admin files, including "index.php", "admin_tpl_new.php", "admin_tpl_misc_new.php", "admin_templates_misc.php", "admin_templates.php", "admin_stats.php", "admin_settings.php", "admin_preview.php", "admin_password.php", "admin_logout.php", "admin_license.php", "admin_help.php", "admin_embed.php", "admin_edit.php", or "admin_comment.php".

Recommendations

For Advanced Poll version 2.0.2, consider restricting access to the vulnerable admin files until a patch is available. As a temporary workaround, avoid using the base_path and pollvars[lang] parameters in the affected admin files. Restrict access to the admin directory to minimize the risk of exploitation.
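
A log check for the parameters described above, added here as an example and not part of the original advisory or of Advanced Poll: it flags access-log requests to admin scripts whose base_path or pollvars[lang] value contains a `..` path segment, including percent-encoded and double-encoded forms. The `/admin/` directory name, the `base_path` spelling, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameters named in the advisory ("base_path" spelling is an assumption).
WATCHED_PARAMS = {"base_path", "pollvars[lang]"}
# Assumption: the admin scripts are served from a directory named "admin".
ADMIN_SCRIPT = re.compile(r"/admin/[^/]+\.php$", re.IGNORECASE)
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded dots and slashes are seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if any path segment of the decoded value is exactly '..'."""
    return ".." in re.split(r"[/\\]", fully_decode(value))

def suspicious_requests(log_lines):
    """Return (line_number, param) for watched params carrying '..' segments."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not ADMIN_SCRIPT.search(fully_decode(url.path)):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() in WATCHED_PARAMS and has_traversal(value):
                hits.append((number, name.lower()))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2004:10:00:00 +0000] "GET /poll/admin/index.php?pollvars%5Blang%5D=english.php HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2004:10:00:05 +0000] "GET /poll/admin/admin_stats.php?base_path=..%2F..%2Ftmp%2Fx HTTP/1.0" 200 90',
    '192.0.2.12 - - [01/Jan/2004:10:00:09 +0000] "GET /poll/admin/admin_help.php?pollvars[lang]=..%252f..%252ftmp%252fx HTTP/1.0" 200 90',
    '192.0.2.13 - - [01/Jan/2004:10:00:12 +0000] "GET /poll/admin/admin_edit.php?base_path=/var/www/poll..old/ HTTP/1.0" 200 700',
]

if __name__ == "__main__":
    print(suspicious_requests(SAMPLE_LOG))
```

The fourth sample line is not flagged because `..` appears inside a directory name rather than as a path segment of its own.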


Related identifiers

CVE-2003-1180

Affected products

Advanced Poll