CVE-2001-1297
published 2001-10-02CVE-2001-1297: PHP remote file inclusion vulnerability in Actionpoll PHP script before 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the includedir…
PriorityP429high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
1.90%
77.1th percentile
PHP remote file inclusion vulnerability in Actionpoll PHP script before 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| actionpoll | actionpoll | <= 1.1.1 | — |
| actionpoll | actionpoll | — | — |
| actionpoll | actionpoll | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jg49-xmrf-jw86: Multiple PHP remote file inclusion vulnerabilities in Robert Ladstaetter ActionPoll 1
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-2064 [HIGH] GHSA-jg49-xmrf-jw86: Multiple PHP remote file inclusion vulnerabilities in Robert Ladstaetter ActionPoll 1
Multiple PHP remote file inclusion vulnerabilities in Robert Ladstaetter ActionPoll 1.1.0, and possibly 1.1.1, allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_POLLDB parameter to actionpoll.php or (2) the CONFIG_DB parameter to db/DataReaderWriter.php, different vectors than CVE-2001-1297.
GHSA
GHSA-x8q2-x42f-2g27: PHP remote file inclusion vulnerability in db/PollDB
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-2065 [HIGH] GHSA-x8q2-x42f-2g27: PHP remote file inclusion vulnerability in db/PollDB
PHP remote file inclusion vulnerability in db/PollDB.php in Robert Ladstaetter ActionPoll 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG_DATAREADERWRITER parameter, a different vector than CVE-2001-1297. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
GHSA
GHSA-mvx6-p37c-4gp5: PHP remote file inclusion vulnerability in Actionpoll PHP script before 1
ghsa_unreviewed·2022-04-30
CVE-2001-1297 [HIGH] GHSA-mvx6-p37c-4gp5: PHP remote file inclusion vulnerability in Actionpoll PHP script before 1
PHP remote file inclusion vulnerability in Actionpoll PHP script before 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.htmlhttp://sourceforge.net/project/shownotes.php?release_id=58331http://www.iss.net/security_center/static/7215.phphttp://www.osvdb.org/1960http://www.securityfocus.com/bid/3384http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.htmlhttp://sourceforge.net/project/shownotes.php?release_id=58331http://www.iss.net/security_center/static/7215.phphttp://www.osvdb.org/1960http://www.securityfocus.com/bid/3384
2001-10-02
Published