CVSS: 8.8 | EPSS: 4% | CPEs: 1 | EXPL: 3

Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script. Adive Framework version 2.0.7 suffers from a privilege escalation vulnerability.

• https://www.exploit-db.com/exploits/47600
• http://packetstormsecurity.com/files/155213/Adive-Framework-2.0.7-Privilege-Escalation.html
• https://github.com/ferdinandmartin/adive-php
• https://hackpuntes.com/cve-2019-14347-escalacion-de-privilegios-en-adive
• CWE-425: Direct Request ('Forced Browsing')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 3

Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password. Adive Framework version 2.0.7 suffers from a cross-site request forgery vulnerability.

• https://www.exploit-db.com/exploits/47217
• http://packetstormsecurity.com/files/153989/Adive-Framework-2.0.7-Cross-Site-Request-Forgery.html
• https://hackpuntes.com/cve-2019-14346-adive-framework-2-0-7-cross-site-request-forgery
• https://www.adive.es
• CWE-352: Cross-Site Request Forgery (CSRF)