CVE-2007-2064

Robert Ladstaetter ActionPoll 1.1.0-1.1.1 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-2064. PoCs published by SekoMirza, Cyber Security.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in Actionpoll 1.1.0 due to insufficient input sanitization. An attacker can include arbitrary remote files by manipulating the CONFIG_POLLDB parameter.

Description

Multiple PHP remote file inclusion vulnerabilities in Robert Ladstaetter ActionPoll 1.1.0, and possibly 1.1.1, allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_POLLDB parameter to actionpoll.php or (2) the CONFIG_DB parameter to db/DataReaderWriter.php, different vectors than CVE-2001-1297.

Exploits (2)

exploitdb WORKING POC VERIFIED
by SekoMirza · textwebappsphp
https://www.exploit-db.com/exploits/29863

This exploit demonstrates a remote file inclusion vulnerability in Actionpoll 1.1.0 due to insufficient input sanitization. An attacker can include arbitrary remote files by manipulating the CONFIG_POLLDB parameter.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Actionpoll 1.1.0
No auth needed
Prerequisites: Remote file hosting server · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Cyber Security · textwebappsphp
https://www.exploit-db.com/exploits/28871

The code describes a remote file inclusion vulnerability in Actionpoll 1.1.1 due to improper input sanitization. An attacker can exploit this to execute arbitrary PHP code by including a remote file via the `CONFIG_DB` parameter.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Actionpoll 1.1.1
No auth needed
Prerequisites: Remote file inclusion must be enabled on the server · Attacker must be able to host a malicious PHP file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2587
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/465871/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23504
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33691
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20788

Scores

EPSS 0.0309
EPSS Percentile 86.1%

Details

Status published
Products (2)
actionpoll/actionpoll 1.1.0
actionpoll/actionpoll 1.1.1
Published Apr 18, 2007
Tracked Since Feb 18, 2026