Remote Privilege Escalation in PVote before 1.9

Remote Privilege Escalation in PVote before 1.9

CVE-2002-0589 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

PVote before 1.9 allows remote attackers to change the administrative password and gain privileges by directly calling ch_info.php with the newpass and confirm parameters both set to the new password.

Learn more about our Web Application Penetration Testing UK.