CVE-2006-4653 | Vulnerability Database | Aqua Security

(1) Amazing Little Poll and (2) Amazing Little Picture Poll store sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password via a direct request for the lp_settings file (lp_settings.inc or lp_settings.php).

Affected Software

Name	Vendor	Start Version	End Version
Amazing_little_picture_poll	Amazing_little_picture_poll	*	*
Amazing_little_poll	Amazing_little_poll	*	*

References

http://secunia.com/advisories/21997
http://securityreason.com/securityalert/1527
http://www.securityfocus.com/archive/1/445081/100/0/threaded
http://www.securityfocus.com/bid/19837
http://www.vupen.com/english/advisories/2006/3687
https://exchange.xforce.ibmcloud.com/vulnerabilities/28737
http://secunia.com/advisories/21997
http://securityreason.com/securityalert/1527
http://www.securityfocus.com/archive/1/445081/100/0/threaded
http://www.securityfocus.com/bid/19837
http://www.vupen.com/english/advisories/2006/3687
https://exchange.xforce.ibmcloud.com/vulnerabilities/28737

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-4653
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html