CVE-2007-4101

Madoa Poll 1.1 - Remote File Inclusion via Madoa Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2007-4101. PoCs published by ilker Kandemir.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in Aplomb Poll 1.1, where unsanitized input allows an attacker to include and execute arbitrary remote PHP code. The example URL demonstrates the vulnerability but does not include functional exploit code.

Description

Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 allow remote attackers to execute arbitrary PHP code via the Madoa parameter to (1) index.php, (2) vote.php, and (3) admin.php.

Exploits (3)

exploitdb WRITEUP VERIFIED
by ilker Kandemir · textwebappsphp
https://www.exploit-db.com/exploits/30437

The provided text describes a remote file inclusion vulnerability in Aplomb Poll 1.1, where unsanitized input allows an attacker to include and execute arbitrary remote PHP code. The example URL demonstrates the vulnerability but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Aplomb Poll 1.1
No auth needed
Prerequisites: Remote file inclusion must be enabled on the target server · Attacker must be able to host a malicious PHP file on an accessible server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ilker Kandemir · textwebappsphp
https://www.exploit-db.com/exploits/30436

The provided text describes a remote file inclusion vulnerability in Aplomb Poll 1.1, where unsanitized user input allows arbitrary remote file inclusion. The example URL demonstrates the exploit vector but lacks executable code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Aplomb Poll 1.1
No auth needed
Prerequisites: Remote file hosting with malicious PHP code · Target application with vulnerable parameter
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ilker Kandemir · textwebappsphp
https://www.exploit-db.com/exploits/30438

The provided text describes a remote file inclusion vulnerability in Aplomb Poll 1.1, where unsanitized input allows an attacker to include and execute arbitrary remote PHP code. The example URL demonstrates the exploitation vector but lacks actual exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Aplomb Poll 1.1
No auth needed
Prerequisites: Remote file hosting with malicious PHP code · Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25138
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37264
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37263
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/475096/100/0/threaded
Third Party Advisory mailing-list x_refsource_vim
http://www.attrition.org/pipermail/vim/2007-July/001739.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37262
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2937

Scores

EPSS 0.0291
EPSS Percentile 85.2%

Details

Status published
Products (1)
global_centre/aplomb_poll 1.1
Published Jul 31, 2007
Tracked Since Feb 18, 2026