Description
In Vanilla before 2.6.1, the polling functionality allows an Insecure Direct Object Reference (IDOR) via the Poll ID, which lets a single user select multiple Poll Options (e.g., vote for multiple items).
Remediation
References