add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request.
References
Link | Resource |
---|---|
https://0day.today/exploit/31658 | Exploit Third Party Advisory |
https://hackpuntes.com/cve-2018-18922-ticketly-1-0-escalacion-de-privilegios-crear-cuenta-administrador/ | Exploit Third Party Advisory |
https://medium.com/%40javierolmedo/cve-2018-18922-ticketly-1-0-privilege-escalation-add-admin-4d1b3696f367 | |
https://www.exploit-db.com/exploits/45892 | Exploit Third Party Advisory VDB Entry |
Configurations
History
No history.
Information
Published : 2018-12-13 19:29
Updated : 2023-11-07 02:55
NVD link : CVE-2018-18922
Mitre link : CVE-2018-18922
CVE.ORG link : CVE-2018-18922
JSON object : View
Products Affected
abisoftgt
- ticketly
CWE
CWE-425
Direct Request ('Forced Browsing')