2 matches found
CVE-2019-14347
Schben Adive 2.0.7 contains a privilege-escalation vector in Internal/Views/addUsers.php that lets remote unauthenticated (unprivileged) users with editor/developer roles create an administrator account via admin/user/add. The issue is demonstrated by a Python PoC and is discussed in multiple thi...
CVE-2019-14346
CVE-2019-14346 affects Schben Adive 2.0.7. The vulnerability is a Cross-Site Request Forgery in Internal/Views/config.php that allows an admin/config CSRF to change a user password due to insufficient validation of request origin. Root cause stated as Web application not adequately validating tru...