CVE-2021-3172: #2351 - User IP fixes, and Poll Voting form token to 1 count per scre… · PHPFusion/PHPFusion@7b8df69

An issue in Php-Fusion v9.03.90, fixed in v9.10.00, allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature.

@@ -455,9 +455,10 @@ public function DisplayPoll() { $render[‘poll_table’][0][‘poll_option’][] = form_checkbox('check’, $data1, '-1’, [‘reverse_label’ => TRUE, ‘type’ => 'radio’, ‘value’ => $im1, ‘input_id’ => 'check-'.$im1]); }
$render[‘poll_table’][0][‘openform’] = openform('voteform’, 'post’, clean_request(), [‘enctype’ => TRUE]).form_hidden('poll_id’, '’, $data[‘poll_id’]); $render[‘poll_table’][0][‘openform’] = openform('voteform’, 'post’, clean_request(), ['max_tokens’=>1]).form_hidden('poll_id’, '’, $data[‘poll_id’]); $render[‘poll_table’][0][‘button’] = form_button("cast_vote", self::$locale[‘POLL_020’], self::$locale[‘POLL_020’], [‘class’ => ‘btn-primary’]); $render[‘poll_table’][0][‘closeform’] = closeform();
} else { if (!empty($data[‘poll_title’]) && $data[‘poll_started’] < time()) { $render[‘poll_table’][0][‘max_vote’] = $this->_countVote(“poll_id=’".$data[‘poll_id’]."’”);
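
Review bot: on the changed openform('voteform', ...) line, ['max_tokens'=>1] replaces ['enctype' => TRUE] instead of being merged with it, so the form loses its enctype option in the same change that caps the token count. If that removal is intended (the form shown carries only radio inputs, a hidden poll_id and the cast_vote button), say so in the commit message or a comment, and state why this form is limited to one token. The vote handler is not part of this hunk, so confirm that the per-user vote limit is enforced server-side when cast_vote is processed rather than resting on the token count alone. Separately, the unchanged _countVote("poll_id='".$data['poll_id']."'") call builds its condition by string concatenation; casting poll_id to an integer or binding it as a parameter there would be safer.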
