CVE-2018-15833

Опубликовано: 26 авг. 2018

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).

Ссылки

https://hackerone.com/reports/326434
Third Party Advisory
https://open.vanillaforums.com/discussion/36559
Vendor Advisory
https://twitter.com/viperbluff/status/1033067882941304832
Third Party Advisory
https://twitter.com/viperbluff/status/1033640333890834433
Third Party Advisory
https://hackerone.com/reports/326434
Third Party Advisory
https://open.vanillaforums.com/discussion/36559
Vendor Advisory
https://twitter.com/viperbluff/status/1033067882941304832
Third Party Advisory
https://twitter.com/viperbluff/status/1033640333890834433
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vanillaforums:vanilla_forums:*:*:*:*:*:*:*:*

Версия до 2.6.1 (исключая)

EPSS

Процентиль: 41%

0.00187

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-639

Связанные уязвимости

GHSA-w2gg-fjfh-g555