Vulnerability Description
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vanillaforums | Vanilla Forums | < 2.6.1 |
References
- https://hackerone.com/reports/326434 (Third Party Advisory)
- https://open.vanillaforums.com/discussion/36559 (Vendor Advisory)
- https://twitter.com/viperbluff/status/1033067882941304832 (Third Party Advisory)
- https://twitter.com/viperbluff/status/1033640333890834433 (Third Party Advisory)
FAQ
What is CVE-2018-15833?
CVE-2018-15833 is a vulnerability with a CVSS score of 4.3 (MEDIUM). In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote f...
How severe is CVE-2018-15833?
CVE-2018-15833 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-15833?
Check the references section above for vendor advisories and patch information. Affected products include: Vanillaforums Vanilla Forums.