Vulnerability Description
Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote attackers to read arbitrary files or inject arbitrary local PHP files via .. sequences in the base_path or pollvars[lang] parameters to the admin files (1) index.php, (2) admin_tpl_new.php, (3) admin_tpl_misc_new.php, (4) admin_templates_misc.php, (5) admin_templates.php, (6) admin_stats.php, (7) admin_settings.php, (8) admin_preview.php, (9) admin_password.php, (10) admin_logout.php, (11) admin_license.php, (12) admin_help.php, (13) admin_embed.php, (14) admin_edit.php, or (15) admin_comment.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Advanced Poll | Advanced Poll | 2.0.0 |
References
- http://secunia.com/advisories/10068PatchVendor Advisory
- http://www.osvdb.org/3291
- http://www.securityfocus.com/archive/1/342493
- http://www.securityfocus.com/bid/8890
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13514
- http://secunia.com/advisories/10068PatchVendor Advisory
- http://www.osvdb.org/3291
- http://www.securityfocus.com/archive/1/342493
- http://www.securityfocus.com/bid/8890
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13514
FAQ
What is CVE-2003-1180?
CVE-2003-1180 is a vulnerability with a CVSS score of 7.5 (HIGH). Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote attackers to read arbitrary files or inject arbitrary local PHP files via .. sequences in the base_path or pollvars[lang] paramet...
How severe is CVE-2003-1180?
CVE-2003-1180 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1180?
Check the references section above for vendor advisories and patch information. Affected products include: Advanced Poll Advanced Poll.