CVE-2007-0535

Vote! Pro 4.0 - Code Injection

Title source: llm

Description

Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by r0ut3r · perlwebappsphp

https://www.exploit-db.com/exploits/3180

View Code ZIP pw:eip

References (3)

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/0300

[Third Party Advisory, VDB Entry] http://osvdb.org/31606

[Vendor Advisory] http://secunia.com/advisories/23834

Scores

EPSS 0.0557

EPSS Percentile 90.3%

Details

Status published

Products (1)

vote_pro/vote_pro < 4.0

Published Jan 26, 2007

Tracked Since Feb 18, 2026