Description
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).
Remediation
References