PT-2009-2810 · Pollpro · Pollpro

The_0Nur-N0X · Published 2009-01-09 · Updated 2017-08-08 · CVE-2009-0112

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PollPro version 3.0

Description

A cross-site request forgery issue exists, allowing remote attackers to create or modify accounts with administrative privileges. This is achieved by manipulating the username, password, and name parameters in the admin/agent edit.asp endpoint.

Recommendations

For PollPro version 3.0, as a temporary workaround, consider restricting access to the admin/agent edit.asp endpoint until a patch is available. Avoid using the username, password, and name parameters in this endpoint until the issue is resolved.

Exploit

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2009-0112

Affected Products

Pollpro