Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Vanilla Forums Authorization Bypass Through User-Controlled Key Vulnerability - CVE-2018-15833 - Vulnerability Database
Vanilla Forums

Vanilla Forums Authorization Bypass Through User-Controlled Key Vulnerability - CVE-2018-15833

Medium
Reference: CVE-2018-15833
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2018-15833
Title: Vanilla Forums Authorization Bypass Through User-Controlled Key Vulnerability
Overview:

In Vanilla before 2.6.1 the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID leading to the ability of a single user to select multiple Poll Options (e.g. vote for multiple items).