Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/155213/Adive-Framework-2.0.7-Privilege-Escalation.html | Exploit Third Party Advisory VDB Entry |
https://github.com/ferdinandmartin/adive-php | Broken Link |
https://hackpuntes.com/cve-2019-14347-escalacion-de-privilegios-en-adive/ | Exploit Third Party Advisory |
Configurations
History
03 Mar 2023, 18:41
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/155213/Adive-Framework-2.0.7-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2019-08-06 17:15
Updated : 2024-02-04 20:20
NVD link : CVE-2019-14347
Mitre link : CVE-2019-14347
CVE.ORG link : CVE-2019-14347
JSON object : View
Products Affected
schben
- adive
CWE
CWE-425
Direct Request ('Forced Browsing')