PT-2007-1964 · None · Vote! Pro

R0Ut3R

Published

2007-01-26

Updated

2017-10-19

CVE-2007-0504

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Vote! Pro version 4.0

Description The issue allows remote attackers to execute arbitrary code via the poll id parameter, which is supplied to an eval function call. This is due to an eval injection vulnerability in the poll frame.php script.

Recommendations For Vote! Pro version 4.0, avoid using the poll id parameter in the affected script until the issue is resolved. As a temporary workaround, consider restricting access to the poll frame.php script to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-0504

Affected Products

Vote! Pro

PT-2007-1964 · None · Vote! Pro

CVE-2007-0504

Related Identifiers

Affected Products

References · 5