PVote before 1.9 allows remote attackers to change the administrative password and gain privileges by directly calling ch_info.php with the newpass and confirm parameters both set to the new password.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Pvote | Steve_korbett | 1.0 | 1.0 |
Pvote | Steve_korbett | 1.0a | 1.0a |
Pvote | Steve_korbett | 1.0b | 1.0b |
Pvote | Steve_korbett | 1.5 | 1.5 |