9 lines
No EOL
542 B
Text
9 lines
No EOL
542 B
Text
source: http://www.securityfocus.com/bid/4541/info
|
|
|
|
PVote is a web voting system written in PHP. It will run on most Unix and Linux variants as well as Microsoft Windows operating systems.
|
|
|
|
It is possible to change the administrative password by submitting a malicious web request containing the appropriate values for the URL parameters. No authentication credentials are required.
|
|
|
|
http://target/pvote/ch_info.php?newpass=password&confirm=password
|
|
|
|
where password is the attacker-supplied value for the new administrative password. |