Medium severity4.3NVD Advisory· Published Aug 26, 2018· Updated Jun 17, 2026
CVE-2018-15833
CVE-2018-15833
Description
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).
Affected products
2<2.6.1+ 1 more
- (no CPE)range: <2.6.1
- (no CPE)range: <2.6.1
Patches
Vulnerability mechanics
References
4- hackerone.com/reports/326434nvdThird Party Advisory
- open.vanillaforums.com/discussion/36559nvdVendor Advisory
- twitter.com/viperbluff/status/1033067882941304832nvdThird Party Advisory
- twitter.com/viperbluff/status/1033640333890834433nvdThird Party Advisory
News mentions
0No linked articles in our index yet.