CVE-2011-1099

Current Description

Multiple directory traversal vulnerabilities in FocalMedia.Net Quick Polls before 1.0.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the p parameter in a preview action to index.php, or (2) delete arbitrary files via a .. (dot dot) in the p parameter in a delete action to index.php.

Basic Data

Published: March 09, 2011
Last Modified: October 09, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-22
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:N/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 5.8
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 4.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version: 2.3
    Part: Application
    Vendor: Focalmedia.net
    Product: Quick Polls
    Version: *
    Update: *
    Edition: *
    Language: *
    SW Edition: *
    Target SW: *
    Target HW: *
    Other: *
    Version End Including: 1.0.1

Vulnerable Software List

Vendor | Product | Versions
Focalmedia.net | Quick Polls | *

References

Name | Source | URL | Tags
71028 | OSVDB | http://osvdb.org/71028 |
43599 | SECUNIA | http://secunia.com/advisories/43599 | Vendor Advisory
8121 | SREASON | http://securityreason.com/securityalert/8121 |
16933 | EXPLOIT-DB | http://www.exploit-db.com/exploits/16933 | Exploit
20110306 'Quick Polls' Local File Inclusion & Deletion Vulnerabilities (CVE-2011-1099) | BUGTRAQ | http://www.securityfocus.com/archive/1/516873/100/0/threaded |
46770 | BID | http://www.securityfocus.com/bid/46770 | Exploit
http://www.uncompiled.com/2011/03/quick-polls-local-file-inclusion-deletion-vulnerabilities-cve-2011-1099/ | MISC | http://www.uncompiled.com/2011/03/quick-polls-local-file-inclusion-deletion-vulnerabilities-cve-2011 | Exploit
quickpoll-index-directory-traversal(65947) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/65947 |