CVE-2009-4683

Good/Bad Vote <unknown> - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4683. PoCs published by Moudi.

AI-analyzed exploit summary: This exploit demonstrates XSS and LFI vulnerabilities in the Good/Bad Vote PHP script. The XSS payload is injected via the 'id' parameter, while the LFI is achieved by manipulating file inclusion paths.

Description

Directory traversal vulnerability in vote.php in Good/Bad Vote allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter in a dovote action. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Moudi · text, webapps, php
https://www.exploit-db.com/exploits/9185

Classification: Working PoC (90%)
Attack Type: XSS | Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Good/Bad Vote (version not specified)
No auth needed
Prerequisites: Access to the vulnerable vote.php endpoint
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/55918
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35835
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9185

Scores

EPSS 0.0236
EPSS Percentile 81.5%

Details

CWE CWE-22
Status published
Products (1)
scriptsez/good\/bad_vote
Published Mar 10, 2010
Tracked Since Feb 18, 2026