Description
In Vanilla before 2.6.1, the polling functionality allows an Insecure Direct Object Reference (IDOR) via the Poll ID, which lets a single user select multiple Poll Options (e.g., vote for multiple items).
Remediation
References
Related Vulnerabilities
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-4407)
Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-3636)
WordPress Plugin Simple Sitemap-Create a Responsive HTML Sitemap Security Bypass (3.5.4)
WordPress Plugin Lightweight Sidebar Manager Cross-Site Request Forgery (1.1.4)
Apache HTTP Server Resource Management Errors Vulnerability (CVE-2007-6422)