CVE-2006-2281

Name of the Vulnerable Software and Affected Versions X-Scripts X-Poll (xpoll) version 2.30

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by using the admin/images/add.php endpoint to upload a PHP file, which can then be accessed.

Recommendations For version 2.30, consider restricting access to the admin/images/add.php endpoint until a patch is available. Additionally, remove any uploaded PHP files that could be used for malicious purposes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.