Alperen

**Name of the Vulnerable Software and Affected Versions** Amazing Little Poll versions (affected versions not specified) Amazing Little Picture Poll versions (affected versions not specified) **Description** The issue concerns default passwords in the software, allowing remote attackers to create new polls by entering these default credentials. Specifically, the default password "dsapoll" can be used to access the system via the lp admin.php endpoint, enabling unauthorized creation of polls. **Recommendations** For Amazing Little Poll, change the default password "dsapoll" to a unique and secure password. For Amazing Little Picture Poll, change the default password "dsapoll" to a unique and secure password. As a temporary workaround, consider restricting access to the lp admin.php endpoint until secure passwords are implemented.

**Name of the Vulnerable Software and Affected Versions** Amazing Little Poll and Amazing Little Picture Poll (affected versions not specified) **Description** The issue allows remote attackers to read the admin password via a direct request for the `lp settings` file, which can be either `lp settings.inc` or `lp settings.php`, due to insufficient access control. This occurs because sensitive information is stored under the web root. **Recommendations** For Amazing Little Poll and Amazing Little Picture Poll, consider restricting access to the `lp settings` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpPolls version 1.0.3 **Description** The issue allows remote attackers to create a new poll by sending a direct request to the "phpPollAdmin.php3" endpoint with the `poll action` parameter set to `create`. **Recommendations** For phpPolls version 1.0.3, consider restricting access to the "phpPollAdmin.php3" endpoint to prevent unauthorized creation of polls until a patch is available.

**Name of the Vulnerable Software and Affected Versions** planetGallery (affected versions not specified) **Description** The issue allows remote attackers to gain administrator privileges by making a direct request to the "admin/gallery admin.php" API endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JMK's Picture Gallery (affected versions not specified) **Description** The issue allows remote attackers to bypass authentication by making a direct request to "admin gallery.php3", which may be related to the `add` action. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.