Nixon-H/Unauthenticated-Admin-Account-Creation
GitHub
Releases0
Stars1
Description: A Critical (9.8) vulnerability where administrative backend scripts lack session validation. Unauthenticated attackers can send direct POST requests to create new "Active" seller or user accounts, bypassing the admin dashboard login and all registration approval workflows.
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 7.3 HIGH | 7.5 HIGH | ||
A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/assets/backend/seller/add_seller.php of the component Account Creation Endpoint. Executing a manipulation of the argument email can lead to missing authentication. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. | |||