Unauthenticated Remote Poll Manipulation in PVote before 1.9

Unauthenticated Remote Poll Manipulation in PVote before 1.9

CVE-2002-0588 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

PVote before 1.9 does not authenticate users for restricted operations, which allows remote attackers to add or delete polls by modifying parameters to (1) add.php or (2) del.php.

Learn more about our User Device Pen Test.