Description
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, which lets a single user select multiple Poll Options (e.g., vote for multiple items).