Description
PVote before 1.9 does not authenticate users for restricted operations, which allows remote attackers to add or delete polls by modifying parameters to (1) add.php or (2) del.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Daniel Nyström · textwebappsphp
https://www.exploit-db.com/exploits/21391
References (4)
Core 4
Core References
Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/8877.php
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4540
Exploit, Vendor Advisory mailing-list
x_refsource_bugtraq
http://online.securityfocus.com/archive/1/268231
Vendor Advisory x_refsource_confirm
http://orbit-net.net:8001/php/pvote/
Scores
EPSS
0.0505
EPSS Percentile
89.8%
Details
Status
published
Products (4)
steve_korbett/pvote
1.0
steve_korbett/pvote
1.0a
steve_korbett/pvote
1.0b
steve_korbett/pvote
1.5
Published
Jun 18, 2002
Tracked Since
Feb 18, 2026