4 matches found
EUVD-2006-2132
Malware in sbrugna...
Himer - Social Questions and Answers < 2.1.1 - Bypass Poll Voting Restrictions via CSRF
Description The theme does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack The PoC will be displayed on June 26, 2024, to give users the time to update...
Design/Logic Flaw
include/classpoll.php in Advanced Poll 2.0.4 uses the HTTPXFORWARDEDFOR X-Forwarded-For HTTP header to identify the IP address of a client, which makes it easier for remote attackers to spoof the source IP and bypass voting restrictions...
CVE-2006-2131
include/classpoll.php in Advanced Poll 2.0.4 uses the HTTPXFORWARDEDFOR X-Forwarded-For HTTP header to identify the IP address of a client, which makes it easier for remote attackers to spoof the source IP and bypass voting restrictions...