CVE-2007-0504

Vote! Pro 4.0 - Code Injection

Title source: llm

Description

Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632.

Exploits (1)

exploitdb WORKING POC VERIFIED

by r0ut3r · perlwebappsphp

https://www.exploit-db.com/exploits/3180

View Code ZIP pw:eip

References (4)

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/0300

[Third Party Advisory, VDB Entry] http://osvdb.org/31606

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3180

[Third Party Advisory] http://secunia.com/advisories/23834

Scores

EPSS 0.1754

EPSS Percentile 95.1%

Details

Status published

Products (1)

vote_pro/vote_pro < 4.0

Published Jan 26, 2007

Tracked Since Feb 18, 2026