Vulnerability Description
Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to comments.php or (2) poll_id parameter to page.php.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Advanced Poll | Advanced Poll | 2.0.2 |
References
- http://ns79.hosteur.com/~secuti/advancedpoll.txtExploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25676
- http://ns79.hosteur.com/~secuti/advancedpoll.txtExploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25676
FAQ
What is CVE-2006-1616?
CVE-2006-1616 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to comments.php or (2) poll_id parameter to page.php.
How severe is CVE-2006-1616?
CVE-2006-1616 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1616?
Check the references section above for vendor advisories and patch information. Affected products include: Advanced Poll Advanced Poll.