CVE-2007-4339

Name of the Vulnerable Software and Affected Versions PHPCentral Poll Script version 1.0

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the SERVER[DOCUMENT ROOT] parameter in the /poll.php and /pollarchive.php API endpoints. This is reportedly due to a variable extraction error in the functions.php file.

Recommendations For PHPCentral Poll Script version 1.0, consider disabling the poll.php and pollarchive.php scripts until a patch is available to prevent remote attackers from executing arbitrary PHP code. Restrict access to the SERVER[DOCUMENT ROOT] parameter to minimize the risk of exploitation. Avoid using the SERVER[DOCUMENT ROOT] parameter in the affected API endpoints until the issue is resolved.