CVE-2026-2165

Published February 8th, 2026

View on NVD ↗

CVSS v3

7.3

HIGH

CVSS v2

7.5

HIGH

Affected

PROJECTS

Description

A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/assets/backend/seller/add_seller.php of the component Account Creation Endpoint. Executing a manipulation of the argument email can lead to missing authentication. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

detronetdip/E-commerce

A multivendor ecommerce website with admin panel, seller panel and deliveryboy panel

GitHub

134

Nixon-H/Unauthenticated-Admin-Account-Creation

Description: A Critical (9.8) vulnerability where administrative backend scripts lack session validation. Unauthenticated attackers can send direct POST requests to create new "Active" seller or user accounts, bypassing the admin dashboard login and all registration approval workflows.

GitHub