CVE-2000-1069

Poll It 2.01 - Unauthenticated Admin Access via Password Parameter Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-1069. PoCs published by keelis.

AI-analyzed exploit summary This exploit targets Poll It CGI v2.0 by leveraging unauthenticated administrative commands via crafted HTTP requests. It allows arbitrary command execution, file reading, and poll manipulation through parameter injection.

Description

pollit.cgi in Poll It 2.01 and earlier allows remote attackers to access administrative functions without knowing the real password by specifying the same value to the entered_password and admin_password parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by keelis · perlwebappscgi

https://www.exploit-db.com/exploits/177

View Code ZIP pw:eip

This exploit targets Poll It CGI v2.0 by leveraging unauthenticated administrative commands via crafted HTTP requests. It allows arbitrary command execution, file reading, and poll manipulation through parameter injection.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Poll It CGI v2.0

No auth needed

Prerequisites: Network access to the target CGI script · Non-SSI version of Poll It CGI v2.0

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=97236719315352&w=2

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/5419

Scores

EPSS 0.0227

EPSS Percentile 80.8%

Details

Status published

Products (3)

cgi-world/poll_it 2.0

cgi-world/poll_it 2.01

cgi-world/poll_it_pro 1.6

Published Dec 11, 2000

Tracked Since Feb 18, 2026