2daybiz Polls Script SQL Injection and Cross Site Scripting Vulnerabilities

Bugtraq ID:	39745
Class:	Input Validation Error
CVE:	CVE-2010-1704 CVE-2010-1703
Remote:	Yes
Local:	No
Published:	Apr 26 2010 12:00AM
Updated:	Apr 13 2015 09:02PM
Credit:	Sid3^effects
Vulnerable:	2daybiz Polls Script 0
Not Vulnerable:

2daybiz Polls Script SQL Injection and Cross Site Scripting Vulnerabilities

Polls Script is prone to multiple SQL-injection vulnerabilities and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

2daybiz Polls Script SQL Injection and Cross Site Scripting Vulnerabilities

An attacker can exploit these issues via a browser. To exploit a cross-site scripting issue, the attacker must entice an unsuspecting victim to follow a malicious URI.

2daybiz Polls Script SQL Injection and Cross Site Scripting Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

2daybiz Polls Script SQL Injection and Cross Site Scripting Vulnerabilities

References:

• Polls Script Homepage (2daybiz)