Advanced Poll » Advanced Poll : Security Vulnerabilities, CVEs, Published In 2006
include/class_poll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDED_FOR (X-Forwarded-For HTTP header) to identify the IP address of a client, which makes it easier for remote attackers to spoof the source IP and bypass voting restrictions.
Max CVSS: 5.0 | EPSS Score: 3.73% | Published: 2006-05-01 | Updated: 2017-07-20
SQL injection vulnerability in include/class_poll.php in Advanced Poll 2.0.4 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
Max CVSS: 5.1 | EPSS Score: 0.63% | Published: 2006-05-01 | Updated: 2017-07-20
Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll 2.02 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. NOTE: it is possible that this issue is resultant from CVE-2006-1616.
Max CVSS: 4.3 | EPSS Score: 0.19% | Published: 2006-04-05 | Updated: 2017-07-20
Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to comments.php or (2) poll_id parameter to page.php.
Max CVSS: 7.5 | EPSS Score: 0.15% | Published: 2006-04-05 | Updated: 2017-07-20
4 vulnerabilities found