Required CVE Record Information
Description
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- https://twitter.com/viperbluff/status/1033067882941304832 x_transferred
- https://open.vanillaforums.com/discussion/36559 x_transferred
- https://hackerone.com/reports/326434 x_transferred
- https://twitter.com/viperbluff/status/1033640333890834433 x_transferred