PT-2023-32769 · Unknown · Amazing Little Poll
David Utón Amaya
+1
·
Published
2023-12-13
·
Updated
2023-12-22
·
CVE-2023-6768
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Amazing Little Poll versions 1.3 through 1.4
Description
The issue allows an unauthenticated user to access the admin panel without providing any credentials by accessing the "lp admin.php?adminstep=" parameter. This could enable unauthorized access to sensitive areas of the application.
Recommendations
For versions 1.3 and 1.4, consider restricting access to the "lp admin.php?adminstep=" parameter until a patch is available.
As a temporary workaround, avoid using the
adminstep parameter in the "lp admin.php" endpoint to minimize the risk of exploitation.Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Amazing Little Poll