Advanced Poll Admin Index.PHP Information Disclosure Vulnerability

Bugtraq ID:	22451
Class:	Design Error
CVE:	CVE-2007-0845
Remote:	Yes
Local:	No
Published:	Feb 07 2007 12:00AM
Updated:	May 07 2015 06:02PM
Credit:	diwou reported this issue.
Vulnerable:	Advanced Poll Advanced Poll 2.0.5 Advanced Poll Advanced Poll 2.0.3 Advanced Poll Advanced Poll 2.0.2 Advanced Poll Advanced Poll 2.0 Advanced Poll Advanced Poll 2.0.5-dev
Not Vulnerable:

Advanced Poll Admin Index.PHP Information Disclosure Vulnerability

Advanced Poll is prone to an information-disclosure vulnerability because the application discloses information about the administrative session variables.

An attacker can exploit these issue to access sensitive information that may aid the attacker in other attacks.

This issue affects versions 2.0.0 through 2.0.5-dev, inclusive.

Advanced Poll Admin Index.PHP Information Disclosure Vulnerability

An attacker can exploit this issue by using a browser.

Sample exploits have been provided:

• /data/vulnerabilities/exploits/22451.php
• /data/vulnerabilities/exploits/22451-1.pl

Advanced Poll Admin Index.PHP Information Disclosure Vulnerability

Solution:
Currently we are not aware of any solutions for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Advanced Poll Admin Index.PHP Information Disclosure Vulnerability

References:

• Advanced Poll Web Site (Advanced Poll)