Описание
include/class_poll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDED_FOR (X-Forwarded-For HTTP header) to identify the IP address of a client, which makes it easier for remote attackers to spoof the source IP and bypass voting restrictions.
Ссылки
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:advanced_poll:advanced_poll:2.0.4:*:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.0064
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
include/class_poll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDED_FOR (X-Forwarded-For HTTP header) to identify the IP address of a client, which makes it easier for remote attackers to spoof the source IP and bypass voting restrictions.
EPSS
Процентиль: 70%
0.0064
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other