Multiple directory traversal vulnerabilities in FocalMedia.Net Quick Polls before 1.0.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the p parameter in a preview action to index.php, or (2) delete arbitrary files via a .. (dot dot) in the p parameter in a delete action to index.php.
References
Configurations
History
No history.
Information
Published : 2011-03-09 23:00
Updated : 2024-02-04 17:54
NVD link : CVE-2011-1099
Mitre link : CVE-2011-1099
CVE.ORG link : CVE-2011-1099
JSON object : View
Products Affected
focalmedia.net
- quick_polls
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')