CVE-2018-15833
N/A
N/A
Summary
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://twitter.com/viperbluff/status/1033067882941304832
- https://open.vanillaforums.com/discussion/36559
- https://hackerone.com/reports/326434
- https://twitter.com/viperbluff/status/1033640333890834433
References
- https://twitter.com/viperbluff/status/1033067882941304832
- https://open.vanillaforums.com/discussion/36559
- https://hackerone.com/reports/326434
- https://twitter.com/viperbluff/status/1033640333890834433
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.