// For flags

CVE-2008-7046

AJSquare Free Polling Script - 'DB' Multiple Vulnerabilities

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

AJ Square Free Polling Script (AJPoll) permite a atacantes remotos evitar la autenticación y crear nuevas votaciones a través de una petición directa a admin/include/newpoll.php. Vector distinto del CVE-2008-7045. NOTA: el origen de esta información es desconocido. Los detalles han sido obtenidos a partir de terceros.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-11-10 First Exploit
  • 2009-08-23 CVE Reserved
  • 2009-08-24 CVE Published
  • 2024-09-17 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-287: Improper Authentication
CAPEC
References (3)
URL Tag Source
http://osvdb.org/49779 Vdb Entry
URL Date SRC
https://www.exploit-db.com/exploits/7086 2008-11-10
URL Date SRC
URL Date SRC
http://secunia.com/advisories/32600 2009-08-24
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ajsquare
Search vendor "Ajsquare"
 Free Polling Script
Search vendor "Ajsquare" for product "Free Polling Script"
*-
Affected