PT-2002-2876 · Kvpoll · Kvpoll
Publicado
2002-12-31
·
Atualizado
2008-09-05
·
CVE-2002-2163
CVSS v2.0
4.0
Média
| Vetor | AV:N/AC:L/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
KvPoll version 1.1
Description:
The issue allows remote authenticated users to vote more than once by manipulating the
already voted cookie through various methods, including a direct call to "clear cookies.php" endpoint.Recommendations:
For KvPoll version 1.1, consider restricting access to the "clear cookies.php" endpoint to prevent unauthorized manipulation of the
already voted cookie until a patch is available.Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Kvpoll