Vendor: Advanced Poll
By: diwou
CVSS: 7.5 (HIGH)
CWE: Code Execution
Product Name: Advanced Poll
Affected Version From: 2.0.0
Affected Version To: 2.0.5-dev
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2006
Advanced Poll 2.0.0 >= 2.0.5-dev textfile admin session gen.
This exploit allows an attacker to generate an admin session for Advanced Poll version 2.0.0 to 2.0.5-dev. By providing a specific username and password, the attacker can bypass authentication and gain administrative access to the system. The exploit uses the LWP::UserAgent module and performs a POST request to the admin/index.php endpoint. If successful, the exploit retrieves the session ID and provides instructions for accessing the admin panel.
Mitigation:
Upgrade to a patched version of Advanced Poll or apply the necessary security updates. It is also recommended to use strong and unique passwords for all user accounts.