PT-2024-31873 · Unknown · Projectworld Online Voting System

Sourajeet Majumder · Published 2024-09-26 · Updated 2024-10-05 · CVE-2024-45987

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Projectworld Online Voting System version 1.0

Description

The issue allows an attacker to craft a malicious link that, when clicked by an authenticated user, automatically submits a vote for a specified party without the user's consent or knowledge. This is achieved via the voter.php page, leveraging the user's active session to perform the unauthorized action, compromising the integrity of the voting process.

Recommendations

For Projectworld Online Voting System version 1.0, as a temporary workaround, consider disabling the voter.php page until a patch is available. Restrict access to the voter.php page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
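While voter.php remains reachable, access logs can show whether requests to it arrived from the site's own pages. The script below is an added example, not part of the advisory or of the Projectworld code: it triages Combined Log Format lines and reports voter.php hits whose Referer is foreign or missing. The hostname, the log lines and the query string are constructed placeholders, and the log format is an assumption.

```python
import re
from urllib.parse import urlsplit

SITE_HOST = "voting.example.test"  # assumption: hostname the application is served from

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample lines, not real traffic; the query string is a placeholder.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Oct/2024:10:00:01 +0000] "GET /voter.php HTTP/1.1" 200 5120 "https://voting.example.test/login.php" "Mozilla/5.0"
198.51.100.7 - - [01/Oct/2024:10:00:09 +0000] "POST /voter.php HTTP/1.1" 302 0 "https://voting.example.test/voter.php" "Mozilla/5.0"
203.0.113.20 - - [01/Oct/2024:10:02:44 +0000] "GET /voter.php?placeholder=1 HTTP/1.1" 200 5120 "https://other-site.example/page.html" "Mozilla/5.0"
203.0.113.31 - - [01/Oct/2024:10:03:10 +0000] "GET /voter.php?placeholder=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.40 - - [01/Oct/2024:10:04:00 +0000] "GET /index.php HTTP/1.1" 200 900 "https://other-site.example/" "Mozilla/5.0"
"""


def classify(line, site_host=SITE_HOST):
    """Return None for lines that are not voter.php hits, else a verdict string."""
    m = LINE_RE.match(line)
    if not m or not urlsplit(m["target"]).path.lower().endswith("/voter.php"):
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        # Referrer-Policy or privacy tools can strip the header, so a missing
        # Referer is "unknown origin", not proof of a cross-site request.
        return "no-referer"
    try:
        # Exact host comparison, so look-alike hosts that merely start with
        # the site name are still treated as foreign.
        ref_host = (urlsplit(referer).hostname or "").lower()
    except ValueError:  # malformed Referer, e.g. a broken IPv6 literal
        ref_host = ""
    return "same-site" if ref_host == site_host.lower() else "cross-site"


def triage(log_text, site_host=SITE_HOST):
    """List (time, ip, method, target, verdict) for voter.php hits that were not same-site."""
    findings = []
    for line in log_text.splitlines():
        verdict = classify(line, site_host)
        if verdict in ("cross-site", "no-referer"):
            m = LINE_RE.match(line)
            findings.append((m["time"], m["ip"], m["method"], m["target"], verdict))
    return findings
```

A "cross-site" finding for an authenticated voter is worth correlating with the vote recorded at that timestamp; "no-referer" findings need that correlation before any conclusion is drawn.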

Exploit

CSRF

Weakness Enumeration

Related Identifiers

CVE-2024-45987

Affected Products

Projectworld Online Voting System