CVE-2011-4555 Information

Description

One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts which allows remote authenticated users to cause a denial of service (login disruption) or spoof votes or comments by selecting a conflicting e-mail address.

Reference

http://dmcdonald.net/?page_id=43 https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en&dmode=source&output=gplain