Voting System
Stored cross-site scripting (XSS) in code-projects Voting System 1.0 allows remote attackers to inject malicious scripts via the Firstname, Lastname, or Platform parameters in /admin/voters_add.php, requiring user interaction to trigger payload execution. The vulnerability has a low CVSS score (2.1) due to the user-interaction requirement, but publicly available exploit code exists and the attack requires no authentication or special configuration.
Unrestricted file upload in code-projects Voting System 1.0 allows authenticated high-privilege administrators to upload arbitrary files via the photo parameter in /admin/voters_add.php, potentially leading to remote code execution. The vulnerability requires high-privilege credentials (PR:H) to exploit and affects only administrative functions; publicly available exploit code exists but exploitation is limited to admin-authenticated attackers with access to the administrative interface.
Stored cross-site scripting (XSS) in code-projects Voting System 1.0 allows authenticated users with low privileges to inject malicious scripts via the Firstname, Lastname, or Platform parameters in /admin/candidates_edit.php, which execute in the context of other users' browsers when the edited candidate record is viewed. The vulnerability requires user interaction (UI:P) but affects the integrity of data displayed to administrators. Exploit code is publicly available on GitHub, though the EPSS score of 0.03% indicates limited real-world exploitation despite the published PoC.
Unrestricted file upload in code-projects Voting System 1.0 allows authenticated remote attackers to upload arbitrary files via the photo parameter in /admin/candidates_add.php, potentially enabling remote code execution. The vulnerability requires valid administrative credentials and has been publicly disclosed with exploit code available, though real-world exploitation risk is minimal given the CVSS 2.1 score and 0.06% EPSS percentile reflecting low automatable impact and authentication barriers.