pollit.cgi in Poll It 2.01 and earlier allows remote attackers to access administrative functions without knowing the real password by specifying the same value to the entered_password and admin_password parameters.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Poll_it | Cgi-world | 2.0 (including) | 2.0 (including) |
Poll_it | Cgi-world | 2.01 (including) | 2.01 (including) |
Poll_it_pro | Cgi-world | 1.6 (including) | 1.6 (including) |