[ADVISORY]: Arbitrary file disclosure vulnerability in Sympoll 1.2

[David Raeman <ralusp () mail com>]

Sympoll is a customizable voting booth system written
in PHP.  A missing variable integrity check allows
arbitrary files to be viewed on a web server that hosts
Sympoll version 1.2.  Hosts that have disabled the
register_globals directive in their php.ini file are
not at risk.

This vulnerability was reported to the Sympoll author
on Tuesday, July 30 2002 at at approximately 13:45 EST.
 A new version with a verified fix was released by
16:15 EST the same day.  It can be downloaded from
http://www.ralusp.net/sympoll/

Although this vulnerability only appears possible in
version 1.2, users of older versions are also urged to
upgraded immediately to gain the extra integrity checks
that were added to Sympoll 1.3.

All credit for this vulnerability report belongs to
Mats Linander.

Fixed (Not Vulnerable): Sympoll 1.3
Vulnerable: Sympoll 1.2