Description
pollit.cgi in Poll It 2.01 and earlier allows remote attackers to access administrative functions without knowing the real password by specifying the same value to the entered_password and admin_password parameters.
Affected products
- cgi-world / poll_it2.0 – 2.0
- cgi-world / poll_it2.01 – 2.01
- cgi-world / poll_it_pro1.6 – 1.6