CVE-2018-6180

CRITICAL

Online Voting System 1.0 - Info Disclosure

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-6180. PoCs published by Giulio Comi.

AI-analyzed exploit summary: This exploit demonstrates an authentication bypass in Online Voting System 1.0: an unauthenticated user can reset the password of any account by manipulating the user ID in a POST request. The PoC sends a crafted request to the profile.php endpoint to change the password, then logs in with the new credentials.

Description

A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts.

Exploits (1)

exploitdb WORKING POC
by Giulio Comi · python · webapps · php
https://www.exploit-db.com/exploits/43967

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Online Voting System 1.0
No auth needed
Prerequisites: Target application must be accessible · User ID of the target account must be known or guessable
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43967/

Scores

CVSS v3: 9.8
EPSS: 0.0410
EPSS Percentile: 89.4%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-287
Status: published
Products (1): themashabrand/online_voting_platform 1.0
Published: Feb 08, 2018
Tracked Since: Feb 18, 2026