CVE-2018-15833 - Authorization Bypass Through User-Controlled Key vulnerability in Vanillaforums Vanilla Forums
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: LOW
Availability impact: NONE
Summary
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).
References
- https://hackerone.com/reports/326434
- https://open.vanillaforums.com/discussion/36559
- https://twitter.com/viperbluff/status/1033067882941304832
- https://twitter.com/viperbluff/status/1033640333890834433