CVE-2019-14347

Опубликовано: 06 авг. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script.

Ссылки

http://packetstormsecurity.com/files/155213/Adive-Framework-2.0.7-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/ferdinandmartin/adive-php
Broken Link
https://hackpuntes.com/cve-2019-14347-escalacion-de-privilegios-en-adive/
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/155213/Adive-Framework-2.0.7-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/ferdinandmartin/adive-php
Broken Link
https://hackpuntes.com/cve-2019-14347-escalacion-de-privilegios-en-adive/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:schben:adive:*:*:*:*:*:*:*:*

Версия до 2.0.7 (включая)

EPSS

Процентиль: 86%

0.03084

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-425

Связанные уязвимости

GHSA-2p6x-825w-g8f6