CVE-2024-45986

A stored Cross-Site Scripting XSS vulnerability was identified in Projectworld Online Voting System 1.0 that occurs when an account is registered with a malicious javascript payload. The payload is stored and subsequently executed in the voter.php and profile.php pages whenever the account...

CVE-2023-7129

A vulnerability, which was classified as critical, was found in code-projects Voting System 1.0. Affected is an unknown function of the component Voters Login. The manipulation of the argument voter leads to sql injection. The exploit has been disclosed to the public and may be used. The identifi...

Sql injection

A vulnerability, which was classified as critical, has been found in code-projects Voting System 1.0. This issue affects some unknown processing of the file /admin/ of the component Admin Login. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to th...

CVE-2023-7128

CVE-2023-7128 affects code-projects Voting System 1.0, specifically the Admin Login component’s /admin/ path. The issue arises from manipulating the username argument, resulting in SQL injection in an unknown processing flow of the Admin Login. Public disclosure exists. The CVSS data in the sourc...

CVE-2023-2053

CVE-2023-2053 affects Campcodes Advanced Online Voting System 1.0. The vulnerability is a SQL injection in the /admin/candidates_row.php file driven by the id parameter, enabling remote exploitation according to public disclosures. Multiple sources confirm the flaw exists in an unknown function h...

Sql injection

A vulnerability classified as critical was found in Campcodes Advanced Online Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ballotdown.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The explo...

CVE-2023-2048

A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/votersrow.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

CVE-2023-2049

Summary: CVE-2023-2049 affects Campcodes Advanced Online Voting System 1.0, where the unvalidated id parameter in /admin/ballot_up.php enables SQL injection. The vulnerability is triggered remotely, with public disclosure of exploits. Root cause appears to be lack of validation/sanitization for t...

Online Voting System 1.0 Remote Code Execution

Exploit Title: Online Voting System 1.0 - Remote Code Execution Authenticated Exploit Author: deathflash1411 Date 30.06.2021 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/4808/voting-system-php.html Version 1.0 Tested on: Ubuntu 20.04 Proof of...

Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution)

Exploit Title: Voting System 1.0 - File Upload RCE Authenticated Remote Code Execution Date: 19/01/2021 Exploit Author: Richard Jones Vendor Homepage:https://www.sourcecodester.com/php/12306/voting-system-using-php.html Software Link:...

CVE-2018-6180

CVE-2018-6180 describes an authentication bypass in the Online Voting System 1.0 where an unauthenticated user can set an arbitrary password for other accounts via the profile section. The root cause is a flaw that allows password updates based on an incremental identifier without validating the ...

CVE-2018-6180

A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts...