Threat Encyclopedia

LunarPoll.Show.PHP.File.Inclusion

description-logoDescription

LunarPoll has a remote file-include vulnerability. A remote attacker could execute arbitrary scripts on the web server with the privileges of the server via a specially-crafted URL request to the 'show.php' script, using the 'PollDir' parameter to specify a malicious PHP file from a remote system.

affected-products-logoAffected Products

LunarPoll Any version.

Impact logoImpact

Gain Access.

recomended-action-logoRecommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://dexxaboy.com/scripts/lunarpoll/

CVE References

CVE-2007-0298

Telemetry logoTelemetry