PT-2006-2614 · Unknown · Advanced Poll
Publicado
2006-04-05
·
Atualizado
2017-07-20
·
CVE-2006-1616
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Advanced Poll version 2.02
Description:
The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the
id parameter to "comments.php" or the poll id parameter to "page.php".Recommendations:
For Advanced Poll version 2.02, consider restricting access to the "comments.php" and "page.php" scripts until a patch is available. As a temporary workaround, avoid using the
id and poll id parameters in the affected scripts to minimize the risk of exploitation.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Advanced Poll