Vulnerability Description
(1) Amazing Little Poll and (2) Amazing Little Picture Poll store sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password via a direct request for the lp_settings file (lp_settings.inc or lp_settings.php).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amazing Little Picture Poll | Amazing Little Picture Poll | All versions |
| Amazing Little Poll | Amazing Little Poll | All versions |
References
- http://secunia.com/advisories/21997
- http://securityreason.com/securityalert/1527
- http://www.securityfocus.com/archive/1/445081/100/0/threaded
- http://www.securityfocus.com/bid/19837
- http://www.vupen.com/english/advisories/2006/3687
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28737
- http://secunia.com/advisories/21997
- http://securityreason.com/securityalert/1527
- http://www.securityfocus.com/archive/1/445081/100/0/threaded
- http://www.securityfocus.com/bid/19837
- http://www.vupen.com/english/advisories/2006/3687
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28737
FAQ
What is CVE-2006-4653?
CVE-2006-4653 is a vulnerability with a CVSS score of 5.0 (MEDIUM). (1) Amazing Little Poll and (2) Amazing Little Picture Poll store sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password vi...
How severe is CVE-2006-4653?
CVE-2006-4653 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4653?
Check the references section above for vendor advisories and patch information. Affected products include: Amazing Little Picture Poll Amazing Little Picture Poll, Amazing Little Poll Amazing Little Poll.