Pollpro · Pollpro · CVE-2009-0112
**Name of the Vulnerable Software and Affected Versions**
PollPro version 3.0
**Description**
A cross-site request forgery issue exists, allowing remote attackers to create or modify accounts with administrative privileges. This is achieved by manipulating the `username`, `password`, and `name` parameters in the admin/agent edit.asp endpoint.
**Recommendations**
For PollPro version 3.0, as a temporary workaround, consider restricting access to the admin/agent edit.asp endpoint until a patch is available. Avoid using the `username`, `password`, and `name` parameters in this endpoint until the issue is resolved.