CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-2064

Multiple PHP remote file inclusion vulnerabilities in Robert Ladstaetter ActionPoll 1.1.0, and possibly 1.1.1, allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_POLLDB parameter to actionpoll.php or (2) the CONFIG_DB parameter to db/DataReaderWriter.php, different vectors than CVE-2001-1297.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.028

EPSS Ranking 85.4%

CVSS Severity

CVSS v2 Score 7.5

References

http://securityreason.com/securityalert/2587
http://www.securityfocus.com/archive/1/465871/100/0/threaded
http://www.securityfocus.com/bid/20788
http://www.securityfocus.com/bid/23504
https://exchange.xforce.ibmcloud.com/vulnerabilities/33691
http://securityreason.com/securityalert/2587
http://www.securityfocus.com/archive/1/465871/100/0/threaded
http://www.securityfocus.com/bid/20788
http://www.securityfocus.com/bid/23504
https://exchange.xforce.ibmcloud.com/vulnerabilities/33691

Products affected by CVE-2007-2064

Actionpoll » Actionpoll » Version: 1.1.0

cpe:2.3:a:actionpoll:actionpoll:1.1.0
Actionpoll » Actionpoll » Version: 1.1.1

cpe:2.3:a:actionpoll:actionpoll:1.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-2064

Products

Pricing

Contact Us