Free-PHP.net Simple Poll Authentication Bypass Vulnerability
BID:17771
Info
| Bugtraq ID: | 17771 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 01 2006 12:00AM |
| Updated: | May 02 2006 04:20AM |
| Credit: | tugr@ is credited with the discovery of this vulnerability. |
| Vulnerable: | free-php.net Simple Poll 1.0 |
| Not Vulnerable: | |
Discussion
Simple Poll is prone to an authentication-bypass vulnerability. The issue occurs because the affected script fails to prompt for authentication credentials.
An attacker can exploit this issue to bypass authentication and gain access to the affected application's poll creation/modification functionality. This could aid in further attacks on the affected computer.
Exploit / POC
This issue can be exploited through a web client.
Solution / Fix
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
- Simple Poll Web Site (free-php.net)
- free-php.net Poll 1.0 admin login ([email protected])