← back
CVE-2011-1099

CVE-2011-1099

EPSS 3.2%
Multiple directory traversal vulnerabilities in FocalMedia.Net Quick Polls before 1.0.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the p parameter in a preview action to index.php, or (2) delete arbitrary files via a .. (dot dot) in the p parameter in a delete action to index.php.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/16933unverifiedexploitdbwww.exploit-db.com/exploits/16933unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/71028http://secunia.com/advisories/43599http://securityreason.com/securityalert/8121https://exchange.xforce.ibmcloud.com/vulnerabilities/65947http://www.exploit-db.com/exploits/16933http://www.securityfocus.com/archive/1/516873/100/0/threadedhttp://www.securityfocus.com/bid/46770http://www.uncompiled.com/2011/03/quick-polls-local-file-inclusion-deletion-vulnerabilities-cve-2011-1099/