PVote prior to 1.9 allows remote malicious users to change the administrative password and gain privileges by directly calling ch_info.php with the newpass and confirm parameters both set to the new password.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
steve korbett pvote 1.0a |
||
steve korbett pvote 1.0b |
||
steve korbett pvote 1.5 |
||
steve korbett pvote 1.0 |