Advanced Online Voting System
Monthly
A vulnerability has been found in Campcodes Advanced Online Voting Management System 1.0. The impacted element is an unknown function of the file /admin/login.php. Such manipulation of the argument Username leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
Unrestricted file upload in Campcodes Advanced Online Voting System 1.0 allows authenticated attackers to upload arbitrary files via manipulation of the photo parameter in /admin/voters_add.php. The vulnerability requires valid login credentials (PR:L) but affects confidentiality, integrity, and availability with low severity. Publicly available exploit code exists; however, EPSS score of 0.04% indicates minimal real-world exploitation probability despite public POC availability.
SQL injection in Campcodes Advanced Online Voting System 1.0 allows authenticated remote attackers to manipulate the firstname parameter in /admin/voters_add.php, leading to limited confidentiality and integrity impact. The vulnerability requires valid user credentials (PR:L) and has a publicly available exploit, but EPSS scoring (0.03%, percentile 8%) suggests low real-world exploitation probability despite public POC availability.
SQL injection in Campcodes Advanced Online Voting Management System 1.0 allows authenticated remote attackers to manipulate the voter parameter in /index.php, potentially leading to unauthorized data access or modification. The vulnerability has a low CVSS score (2.1) due to authentication requirements and limited confidentiality impact, but publicly available exploit code exists and exploitation probability is rated at 8th percentile by EPSS, suggesting this remains a lower-priority issue despite public POC availability.
A vulnerability, which was classified as critical, was found in Campcodes Advanced Online Voting System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in Campcodes Advanced Online Voting Management System 1.0. The impacted element is an unknown function of the file /admin/login.php. Such manipulation of the argument Username leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
Unrestricted file upload in Campcodes Advanced Online Voting System 1.0 allows authenticated attackers to upload arbitrary files via manipulation of the photo parameter in /admin/voters_add.php. The vulnerability requires valid login credentials (PR:L) but affects confidentiality, integrity, and availability with low severity. Publicly available exploit code exists; however, EPSS score of 0.04% indicates minimal real-world exploitation probability despite public POC availability.
SQL injection in Campcodes Advanced Online Voting System 1.0 allows authenticated remote attackers to manipulate the firstname parameter in /admin/voters_add.php, leading to limited confidentiality and integrity impact. The vulnerability requires valid user credentials (PR:L) and has a publicly available exploit, but EPSS scoring (0.03%, percentile 8%) suggests low real-world exploitation probability despite public POC availability.
SQL injection in Campcodes Advanced Online Voting Management System 1.0 allows authenticated remote attackers to manipulate the voter parameter in /index.php, potentially leading to unauthorized data access or modification. The vulnerability has a low CVSS score (2.1) due to authentication requirements and limited confidentiality impact, but publicly available exploit code exists and exploitation probability is rated at 8th percentile by EPSS, suggesting this remains a lower-priority issue despite public POC availability.
A vulnerability, which was classified as critical, was found in Campcodes Advanced Online Voting System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.