First published: Tue Aug 06 2019(Updated: )
Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Schben Adive | <=2.0.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-14347 is a vulnerability in Schben Adive 2.0.7 that allows remote unprivileged users to create an administrator account.
CVE-2019-14347 has a severity rating of 8.8 (high).
Remote unprivileged users can exploit CVE-2019-14347 by using the admin/user/add feature in Schben Adive 2.0.7.
Yes, a Python PoC script is available for CVE-2019-14347.
To fix CVE-2019-14347, update to a version of Schben Adive that is not affected by the vulnerability.