Description
PVote before 1.9 allows remote attackers to change the administrative password and gain privileges by directly calling ch_info.php with the newpass and confirm parameters both set to the new password.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Daniel Nyström · textwebappsphp
https://www.exploit-db.com/exploits/21397
References (4)
Core 4
Core References
Exploit, Vendor Advisory mailing-list
x_refsource_bugtraq
http://online.securityfocus.com/archive/1/268231
Vendor Advisory x_refsource_confirm
http://orbit-net.net:8001/php/pvote/
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4541
Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/8878.php
Scores
EPSS
0.0641
EPSS Percentile
91.1%
Details
Status
published
Products (4)
steve_korbett/pvote
1.0
steve_korbett/pvote
1.0a
steve_korbett/pvote
1.0b
steve_korbett/pvote
1.5
Published
Jun 18, 2002
Tracked Since
Feb 18, 2026