2002-06-11 04:00:00
mitre
PUBLISHED
PVote before 1.9 does not authenticate users for restricted operations, which allows remote attackers to add or delete polls by modifying parameters to (1) add.php or (2) del.php.