From: David Raeman (ralusp_at_mail.com)
Date: Tue Jul 30 2002 - 15:27:48 CDT
Sympoll is a customizable voting booth system written
in PHP. A missing variable integrity check allows
arbitrary files to be viewed on a web server that hosts
Sympoll version 1.2. Hosts that have disabled the
register_globals directive in their php.ini file are
not at risk.
This vulnerability was reported to the Sympoll author
on Tuesday, July 30 2002 at approximately 13:45 EST.
A new version with a verified fix was released by
16:15 EST the same day. It can be downloaded from
Although this vulnerability only appears possible in
version 1.2, users of older versions are also urged to
upgrade immediately to gain the extra integrity checks
that were added to Sympoll 1.3.
All credit for this vulnerability report belongs to
Fixed (Not Vulnerable): Sympoll 1.3
Vulnerable: Sympoll 1.2
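
Added example (not part of the original advisory and not Sympoll code): the advisory says hosts with register_globals disabled in php.ini are not at risk. This Python check reads that setting and also Apache php_flag / php_admin_flag lines, which can re-enable the directive for a directory even when php.ini turns it off. Function names and sample inputs are constructed for illustration.

```python
import re

# Values PHP reads as boolean "on" in php.ini and Apache php_flag lines.
TRUTHY = {"1", "on", "true", "yes"}
# Commented-out lines (';' or '#') cannot match either anchored pattern.
INI_RE = re.compile(r"^\s*register_globals\s*=\s*([^;]*)", re.I)
APACHE_RE = re.compile(
    r"^\s*php_(admin_)?(?:flag|value)\s+register_globals\s+(\S+)", re.I)

# Constructed sample inputs (not taken from any real host).
SAMPLE_INI = "; register_globals = On\nregister_globals = Off ; hardened\n"
SAMPLE_HTACCESS = "# poll directory\nphp_flag register_globals on\n"


def _is_on(raw):
    return raw.strip().strip("\"'").lower() in TRUTHY


def ini_setting(text):
    """True/False from the last register_globals line, None if absent."""
    state = None
    for line in text.splitlines():
        m = INI_RE.match(line)
        if m:
            state = _is_on(m.group(1))  # a later assignment overrides
    return state


def apache_override(text):
    """Same for httpd.conf/.htaccess text; php_admin_* beats php_flag."""
    user = admin = None
    for line in text.splitlines():
        m = APACHE_RE.match(line)
        if m and m.group(1):
            admin = _is_on(m.group(2))
        elif m:
            user = _is_on(m.group(2))
    return user if admin is None else admin


def exposed(php_ini, apache_conf="", default_on=False):
    """True if register_globals ends up enabled for the audited directory.

    default_on is the compiled-in default used when nothing sets the
    directive: On before PHP 4.2.0, Off from 4.2.0 onward.
    """
    override = apache_override(apache_conf)
    if override is not None:
        return override  # Apache-level setting wins over php.ini
    ini = ini_setting(php_ini)
    return default_on if ini is None else ini
```

Pass the contents of php.ini and of the relevant httpd.conf or .htaccess file as strings; exposed() returning True means the condition the advisory describes still applies to that directory.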