PT-2006-3110 · Unknown · Advanced Poll
Aliaksandr Hartsuyeu
Published 2006-05-01 · Updated 2017-07-20 · CVE-2006-2131
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Advanced Poll version 2.0.4
Description
The issue allows remote attackers to spoof the source IP and bypass voting restrictions. This is because the include/class_poll.php file in Advanced Poll uses HTTP_X_FORWARDED_FOR (the X-Forwarded-For HTTP header) to identify the IP address of a client.
Recommendations
For Advanced Poll version 2.0.4, consider modifying the include/class_poll.php file to use a more reliable method for identifying client IP addresses, such as checking the REMOTE_ADDR variable, as a temporary workaround until a patch is available. Restrict access to voting functionality to minimize the risk of exploitation.
Fix
Related Identifiers
Affected Products
Advanced Poll