LunarPoll.Show.PHP.File.Inclusion
Description
LunarPoll has a remote file-include vulnerability. A remote attacker could execute arbitrary scripts on the web server with the privileges of the server via a specially-crafted URL request to the 'show.php' script, using the 'PollDir' parameter to specify a malicious PHP file from a remote system.
Affected Products
LunarPoll Any version.
Impact
Gain Access.
Recommended Actions
Currently we are not aware of any vendor-supplied patches for this issue.
http://dexxaboy.com/scripts/lunarpoll/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2018-11-06 | 13.485 |