CVE-2009-3312

2009-09-2310:00:00

mitre

www.cve.org

AI Score

7.5

Confidence

High

EPSS

0.166

Percentile

96.0%

JSON

PHP remote file inclusion vulnerability in php/init.poll.php in phpPollScript 1.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a crafted URL in the include_class parameter.

References

osvdb.org/58181

secunia.com/advisories/36730

www.exploit-db.com/exploits/9703

www.vupen.com/english/advisories/2009/2686

exchange.xforce.ibmcloud.com/vulnerabilities/53316