PT-2011-2864 · Focalmedia.Net · Focalmedia.Net Quick Polls

Mark Stanislav

·

Published

2011-03-09

·

Updated

2018-10-09

·

CVE-2011-1099

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions

FocalMedia.Net Quick Polls versions prior to 1.0.2

Description

The issue allows remote attackers to read or delete arbitrary files because of directory traversal vulnerabilities. The traversal is reachable through a ".." (dot dot) sequence in the p parameter of either the preview or the delete action of "index.php".

Recommendations

For versions prior to 1.0.2, update to version 1.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "index.php" file or disabling the preview and delete actions until a patch is available. Avoid using the p parameter in the affected endpoint until the issue is resolved.
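The root cause described above is a file name taken from the p parameter and handed to the filesystem without confinement. The PHP below is an added example written for this advisory; it is not Quick Polls' own code and does not reproduce its index.php. It assumes a hypothetical layout in which polls are stored as flat ".txt" files under one base directory, and shows the check that a preview or delete handler should run before reading or unlinking anything: a strict allowlist on the bare name, followed by a canonical-path containment test.

```php
<?php
// Added example (not Quick Polls' own code): validating a user-supplied
// file name before a "preview" or "delete" action touches the filesystem.
// Assumption: polls live as flat files under $baseDir, and a legitimate
// value of the p parameter is a bare file name such as "poll_1.txt".

declare(strict_types=1);

/**
 * Return the absolute path of the requested poll file, or null if the
 * request must be refused. Two independent checks are applied:
 *  1. a strict allowlist on the name itself (no separators, no "..");
 *  2. a canonical-path check that the resolved file lies inside $baseDir.
 */
function resolve_poll_file(string $p, string $baseDir): ?string
{
    // 1. Allowlist: letters, digits, underscore, hyphen, one ".txt" suffix.
    //    This rejects "..", "/", "\\" and NUL bytes before any filesystem
    //    call is made (URL-encoded variants arrive already decoded in $_GET).
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.txt\z/', $p)) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;               // storage directory missing: refuse, do not guess
    }

    $candidate = realpath($base . DIRECTORY_SEPARATOR . $p);
    if ($candidate === false) {
        return null;               // file does not exist (also covers dangling links)
    }

    // 2. Containment: the canonical path must start with the canonical base
    //    plus a separator, so "/var/polls-old/x" cannot pass for "/var/polls".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return $candidate;
}

// --- Self-contained demonstration using a constructed temporary directory ---
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'polls_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'poll_1.txt', "Question?\n");

// Constructed sample values for the p parameter.
$inputs = [
    'poll_1.txt',                // legitimate request
    '../../outside.txt',         // the dot-dot pattern described in the advisory
    'poll_1.txt/../poll_1.txt',  // traversal that still resolves inside the base
    "poll_1.txt\0.jpg",          // NUL-byte truncation attempt
    'missing.txt',               // well-formed but absent
];

foreach ($inputs as $p) {
    $resolved = resolve_poll_file($p, $dir);
    printf("%-32s -> %s\n", json_encode($p), $resolved === null ? 'REFUSED' : 'ok');
}

unlink($dir . DIRECTORY_SEPARATOR . 'poll_1.txt');
rmdir($dir);
```

Only the first input is accepted; every other value returns null and the handler should answer with an error instead of falling through to fopen or unlink. The allowlist alone would already stop the cases in this list, but the realpath containment test is kept as a second layer so that a later change to the naming rule (or a symlink placed in the poll directory) cannot silently reopen the traversal. The same resolve_poll_file call belongs in front of both the preview and the delete action, since the advisory reports the p parameter as reachable through either.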

Exploit

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2011-1099

Affected Products

Focalmedia.Net Quick Polls