CVE-2023-6768

CRITICAL

Amazing Little Poll 1.3-1.4 - Unauthenticated Authentication Bypass via lp_admin.php adminstep Parameter

Title source: llm

Description

Authentication bypass vulnerability in Amazing Little Poll affecting versions 1.3 and 1.4. This vulnerability could allow an unauthenticated user to access the admin panel without providing any credentials by simply accessing the "lp_admin.php?adminstep=" parameter.

References (1)

Core 1

Core References

Third Party Advisory

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amazing-little-poll

Scores

CVSS v3 9.4

EPSS 0.0098

EPSS Percentile 57.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-287

Status published

Products (2)

mr-corner/amazing_little_poll 1.3

mr-corner/amazing_little_poll 1.4

Published Dec 20, 2023

Tracked Since Feb 18, 2026