| عنوان | campcodes Advanced Voting Management System using PHP/MySQLi 1.0 Authentication Bypass |
|---|
| الوصف | A logic flaw in the voter password update functionality allows an authenticated
administrator to reset any voter’s password without knowing the original
password. The application compares user-supplied plaintext input directly
against a stored password hash, causing the password to be unconditionally
updated with attacker-controlled input. This results in full voter account
takeover and compromise of election integrity.
|
|---|
| المصدر | ⚠️ https://gist.github.com/nikstudy576-maker/82e1e1ede9b848880aa09b87b92bc22c |
|---|
| المستخدم | Err404 (UID 93509) |
|---|
| ارسال | 15/12/2025 01:00 PM (6 أشهر منذ) |
|---|
| الاعتدال | 18/12/2025 03:12 PM (3 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 337378 [Campcodes Advanced Voting Management System 1.0 Password /admin/voters_edit.php معرف تجاوز الصلاحيات] |
|---|
| النقاط | 19 |
|---|