PT-2023-10159 · Codepeople · Codepeople Cp-Polls Plugin

Published: 2023-03-04 · Updated: 2024-05-17 · CVE-2014-125091

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:L/Au:M/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

codepeople cp-polls Plugin version 1.0.1

Description

A critical issue has been found in the codepeople cp-polls Plugin, affecting unknown code in the file cp-admin-int-message-list.inc.php. Manipulation of the lu argument leads to SQL injection. The attack can be initiated remotely. Upgrading to version 1.0.2 addresses this issue.

Recommendations

For codepeople cp-polls Plugin version 1.0.1, upgrade to version 1.0.2 to address the issue. As a temporary workaround, consider restricting access to the cp-admin-int-message-list.inc.php file until the update is applied. Avoid manipulating the lu argument in the affected file to minimize the risk of exploitation.

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2014-125091

Affected Products: Codepeople Cp-Polls Plugin