CVE-2006-1217

Name of the Vulnerable Software and Affected Versions DSPoll version 1.1

Description A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the pollid parameter to several API endpoints: "results.php", "topolls.php", and "pollit.php".

Recommendations For DSPoll version 1.1, avoid using the pollid parameter in the affected API endpoints until the issue is resolved. As a temporary workaround, consider restricting access to the "results.php", "topolls.php", and "pollit.php" endpoints to minimize the risk of exploitation.