CVE-2002-0588 Information

Description

PVote before 1.9 does not authenticate users for restricted operations which allows remote attackers to add or delete polls by modifying parameters to (1) add.php or (2) del.php.

Reference

http://online.securityfocus.com/archive/1/268231 http://orbit-net.net:8001/php/pvote/ http://www.iss.net/security_center/static/8877.php http://www.securityfocus.com/bid/4540