CyberSec.Space Logo
返回 CVE 浏览器

CVE-2007-0504

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1250%
EPSS Percentile32.18th
Published2007年1月26日
Last Modified2026年4月23日

Vulnerability Description

Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632.

Affected Platforms (CPE)

📦
Vote Pro

Vote Pro

<= 4.0

References & Advisories

🔗 http://osvdb.org/31606
🔗 http://secunia.com/advisories/23834
🔗 http://www.vupen.com/english/advisories/2007/0300
🔗 https://www.exploit-db.com/exploits/3180
🔗 http://osvdb.org/31606
🔗 http://secunia.com/advisories/23834
🔗 http://www.vupen.com/english/advisories/2007/0300
🔗 https://www.exploit-db.com/exploits/3180

相关漏洞威胁

CVE-2005-46327.5

SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and earlier allows remote attackers to execute arbitrary SQL comman...

CVE-2007-05357.5

Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code v...

CVE-2007-350010.0

Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.

CVE-2007-049610.0

PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to ex...