5 matches found
CVE-2025-65033
Rallly prior to 4.5.4 contains an authorization flaw in the poll management feature: polls are identified only by pollId, and ownership is not verified. This allows any authenticated user to pause or resume any poll, compromising integrity and availability. The issue has been patched in version 4...
PT-2025-47511
Name of the Vulnerable Software and Affected Versions: Rallly versions prior to 4.5.4. Description: An authorization issue exists in Rallly, a scheduling and collaboration tool. An authenticated user can manipulate the pollId parameter to reopen finalized polls owned by other users. This can disrupt...
CVE-2019-9914
The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes pollid XSS...
Design/Logic Flaw
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items)...
CVE-2008-4782
SQL injection vulnerability in public/code/cppollsresults.php in All In One Control Panel (AIOCP) 1.4 allows remote attackers to execute arbitrary SQL commands via the pollid parameter...