source: http://www.securityfocus.com/bid/4541/info PVote is a web voting system written in PHP. It will run on most Unix and Linux variants as well as Microsoft Windows operating systems. It is possible to change the administrative password by submitting a malicious web request containing the appropriate values for the URL parameters. No authentication credentials are required. http://target/pvote/ch_info.php?newpass=password&confirm=password where password is the attacker-supplied value for the new administrative password.
Related ExploitsTrying to match CVEs (1): CVE-2002-0589
Trying to match OSVDBs (1): 14425
Other Possible E-DB Search Terms: PVote 1.0/1.5, PVote 1.0, PVote
|2002-04-18||PVote 1.0/1.5 - Poll Content Manipulation||Daniel NystrÃ¶m|