CyberSec.Space Logo
Back to CVE Browser

CVE-2007-0504

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1250%
EPSS Percentile32.18th
PublishedJan 26, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632.

Affected Platforms (CPE)

πŸ“¦
Vote Pro

Vote Pro

<= 4.0

References & Advisories

πŸ”— http://osvdb.org/31606
πŸ”— http://secunia.com/advisories/23834
πŸ”— http://www.vupen.com/english/advisories/2007/0300
πŸ”— https://www.exploit-db.com/exploits/3180
πŸ”— http://osvdb.org/31606
πŸ”— http://secunia.com/advisories/23834
πŸ”— http://www.vupen.com/english/advisories/2007/0300
πŸ”— https://www.exploit-db.com/exploits/3180

Related Vulnerabilities

CVE-2005-46327.5

SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and earlier allows remote attackers to execute arbitrary SQL comman...

CVE-2007-05357.5

Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code v...

CVE-2007-350010.0

Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.

CVE-2007-049610.0

PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to ex...