Unrated severityNVD Advisory· Published May 4, 2010· Updated Apr 29, 2026

CVE-2010-1704

Description

Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to execute arbitrary SQL commands via (1) the password field to login.php, (2) the login field (aka email parameter) to login.php, (3) the password field (aka pass parameter) to the default URI under admin/, and possibly (4) the login field to the default URI under admin/. NOTE: some of these details are obtained from third party information.

Affected products

2daybiz/Polls Script
cpe:2.3:a:2daybiz:polls_script:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.org/1004-exploits/aps-sqlxss.txtnvdExploit
www.exploit-db.com/exploits/12395nvdExploit
secunia.com/advisories/39622nvdVendor Advisory
www.securityfocus.com/bid/39745nvd
exchange.xforce.ibmcloud.com/vulnerabilities/58127nvd
exchange.xforce.ibmcloud.com/vulnerabilities/58189nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000