CVE-2025-6352

Published: Jun 20, 2025Modified: Oct 23, 2025

5.5

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability classified as problematic has been found in code-projects Automated Voting System 1.0. Affected is an unknown function of the file /vote.php of the component Backend. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Affected (1)

Products: Fabian: Automated Voting System

1 product

Automated Voting System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fabian Automated Voting System	Version 1.0

Related CWEs

Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

References (6)

https://code-projects.org/

Source: cna@vuldb.com

Product

https://github.com/asd1238525/cve/blob/main/Unauthorized.md

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.313344

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.313344

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.597239

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://github.com/asd1238525/cve/blob/main/Unauthorized.md

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.