PVote prior to 1.9 does not authenticate users for restricted operations, which allows remote malicious users to add or delete polls by modifying parameters to (1) add.php or (2) del.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
steve korbett pvote 1.0b |
||
steve korbett pvote 1.0 |
||
steve korbett pvote 1.0a |
||
steve korbett pvote 1.5 |