GCVE - cpe:2.3:a:amazing_little_poll:amazing_little

Approved changes feed: RSS · Atom

cpe:2.3:a:amazing_little_poll:amazing_little_poll:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Amazing Little Poll (`ccae522a-59de-5b22-be1a-fa9d7948dde3`)
Product	Amazing Little Poll (`41af93f1-0f9e-54cf-91ef-6d30433b2a9b`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-6769`	vulnerable	2026-06-08 06:21:55.776891	Stored XSS vulnerability in Amazing Little Poll MEDIUM (6.5) Stored XSS vulnerability in Amazing Little Poll, affecting versions 1.3 and 1.4. This vulnerability allows a remote attacker to store a malicious JavaScript payload in the "lp_admin.php" file in the "question" and "item" parameters. This vulnerability could lead to malicious JavaScript execution while the page is loading. Published: 2023-12-20T09:50:44.480Z Updated: 2024-11-21T19:37:10.512Z Open on db.gcve.eu Reference links https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amazing-little-poll	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-6768`	vulnerable	2026-06-08 06:21:55.774024	Authentication bypass vulnerability in Amazing Little Poll CRITICAL (9.4) Authentication bypass vulnerability in Amazing Little Poll affecting versions 1.3 and 1.4. This vulnerability could allow an unauthenticated user to access the admin panel without providing any credentials by simply accessing the "lp_admin.php?adminstep=" parameter. Published: 2023-12-20T09:49:36.723Z Updated: 2024-09-16T18:26:36.763Z Open on db.gcve.eu Reference links https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amazing-little-poll	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-4653`	vulnerable	2026-06-08 04:49:18.464105	Details available (1) Amazing Little Poll and (2) Amazing Little Picture Poll store sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password via a direct request for the lp_settings file (lp_settings.inc or lp_settings.php). Published: 2006-09-09T00:00:00.000Z Updated: 2024-08-07T19:23:40.448Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/19837 http://www.securityfocus.com/archive/1/445081/100/0/threaded http://securityreason.com/securityalert/1527 http://secunia.com/advisories/21997 http://www.vupen.com/english/advisories/2006/3687	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-4652`	vulnerable	2026-06-08 04:49:18.463658	Details available (1) Amazing Little Poll and (2) Amazing Little Picture Poll have a default password of "dsapoll", which allows remote attackers to create a new poll by entering default credentials via lp_admin.php. Published: 2006-09-09T00:00:00.000Z Updated: 2024-08-07T19:23:40.505Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/19837 http://www.securityfocus.com/archive/1/445081/100/0/threaded http://securityreason.com/securityalert/1527 https://exchange.xforce.ibmcloud.com/vulnerabilities/28737	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Amazing Little Poll

PURL mappings

Vulnerability references

Contribute