Vulnerability Details CVE-2003-1179
Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the include_path parameter in (1) booth.php, (2) png.php, (3) poll_ssi.php, or (4) popup.php, the (5) base_path parameter to common.inc.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.083
EPSS Ranking 91.9%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/10068
- http://www.osvdb.org/28988
- http://www.osvdb.org/3291
- http://www.phpsecure.info/v2/tutos/frog/AdvancedPoll2.0.2.txt
- http://www.securityfocus.com/archive/1/342493
- http://www.securityfocus.com/archive/1/440780/100/0/threaded
- http://www.securityfocus.com/bid/19105
- http://www.securityfocus.com/bid/8890
- http://www.solpotcrew.org/adv/solpot-adv-02.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13514
- http://secunia.com/advisories/10068
- http://www.osvdb.org/28988
- http://www.osvdb.org/3291
- http://www.phpsecure.info/v2/tutos/frog/AdvancedPoll2.0.2.txt
- http://www.securityfocus.com/archive/1/342493
- http://www.securityfocus.com/archive/1/440780/100/0/threaded
- http://www.securityfocus.com/bid/19105
- http://www.securityfocus.com/bid/8890
- http://www.solpotcrew.org/adv/solpot-adv-02.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13514
Products affected by CVE-2003-1179
-
cpe:2.3:a:advanced_poll:advanced_poll:2.0.0
-
cpe:2.3:a:advanced_poll:advanced_poll:2.0.1
-
cpe:2.3:a:advanced_poll:advanced_poll:2.0.2