Advanced Poll is a polling system written in PHP for use on web sites. When a flat file database is used, Advanced Poll does not adequately authenticate users, thereby allowing any user to gain Advanced Poll administrative privileges.
On versions of Advanced Poll older than 1.61 configured to use a flat file database, Advanced Poll allows clients to login as any user by setting the "logged_in" variable in the CGI query string of the GET request to Advanced Poll.
Attackers may login as the administrative user without authentication and gain adminstrator privileges for Advanced Poll.
Upgrade to version 1.61 or later at:
Thanks to Derek Comartin and Security Tracker for reporting this vulnerability.
This document was written by a member of the technical staff.
|Date First Published:||2001-12-20|
|Date Last Updated:||2001-12-21 20:06 UTC|