Vulnerability Description
PVote before 1.9 does not authenticate users for restricted operations, which allows remote attackers to add or delete polls by modifying parameters to (1) add.php or (2) del.php.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Steve Korbett | Pvote | 1.0 |
References
- http://online.securityfocus.com/archive/1/268231ExploitVendor Advisory
- http://orbit-net.net:8001/php/pvote/Vendor Advisory
- http://www.iss.net/security_center/static/8877.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/4540ExploitPatchVendor Advisory
- http://online.securityfocus.com/archive/1/268231ExploitVendor Advisory
- http://orbit-net.net:8001/php/pvote/Vendor Advisory
- http://www.iss.net/security_center/static/8877.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/4540ExploitPatchVendor Advisory
FAQ
What is CVE-2002-0588?
CVE-2002-0588 is a vulnerability with a CVSS score of 5.0 (MEDIUM). PVote before 1.9 does not authenticate users for restricted operations, which allows remote attackers to add or delete polls by modifying parameters to (1) add.php or (2) del.php.
How severe is CVE-2002-0588?
CVE-2002-0588 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0588?
Check the references section above for vendor advisories and patch information. Affected products include: Steve Korbett Pvote.