Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create unauthorized user accounts and administrative users by crafting malicious forms. Attackers can submit hidden form data to /admin/addusers.php and /admin/editadmins.php endpoints to register new users with arbitrary credentials and escalate privileges to SUPERUSER level.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
References
History
Sun, 15 Mar 2026 19:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create unauthorized user accounts and administrative users by crafting malicious forms. Attackers can submit hidden form data to /admin/addusers.php and /admin/editadmins.php endpoints to register new users with arbitrary credentials and escalate privileges to SUPERUSER level. | |
| Title | RealtyScript 4.0.2 Cross-Site Request Forgery Unauthorized User Creation | |
| Weaknesses | CWE-352 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-03-15T18:34:16.030Z
Reserved: 2026-03-15T18:06:12.182Z
Link: CVE-2015-20117
Vulnrichment
No data.
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
No data.