CVE-2015-20117— RealtyScript 4.0.2 Cross-Site Request Forgery Unauthorized User Creation
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2015-20117
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RealtyScript 4.0.2 Cross-Site Request Forgery Unauthorized User Creation
Source: NVD (National Vulnerability Database)
Vulnerability Description
Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create unauthorized user accounts and administrative users by crafting malicious forms. Attackers can submit hidden form data to /admin/addusers.php and /admin/editadmins.php endpoints to register new users with arbitrary credentials and escalate privileges to SUPERUSER level.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨站请求伪造(CSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
RealtyScript 跨站请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
RealtyScript是RealtyScript公司的一个房地产网站管理系统。 RealtyScript 4.0.2版本存在跨站请求伪造漏洞,该漏洞源于跨站请求伪造,可能导致未经验证攻击者创建未授权用户账户和管理员用户。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Next Click Ventures | RealtyScript | 4.0.2 | - |
II. Public POCs for CVE-2015-20117
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2015-20117
请登录查看更多情报信息。
Same Patch Batch · Next Click Ventures · 2026-03-15 · 7 CVEs total
| CVE-2015-20120 | 8.2 HIGH | RealtyScript 4.0.2 Multiple Time-based Blind SQL Injection |
| CVE-2015-20121 | 8.2 HIGH | RealtyScript 4.0.2 SQL Injection via u_id and agent Parameters |
| CVE-2015-20115 | 7.2 HIGH | RealtyScript 4.0.2 Stored Cross-Site Scripting via File Upload Parameter |
| CVE-2015-20118 | 7.2 HIGH | RealtyScript 4.0.2 Stored Cross-Site Scripting via location_name Parameter |
| CVE-2015-20119 | 6.4 MEDIUM | RealtyScript 4.0.2 Stored Cross-Site Scripting via text Parameter in pages.php |
| CVE-2015-20116 | 6.1 MEDIUM | RealtyScript 4.0.2 Stored Cross-Site Scripting via CSV File Upload Filename |
IV. Related Vulnerabilities
Same product: RealtyScript
- CVE-2015-20120
RealtyScript 4.0.2 Multiple Time-based Blind SQL Injection - CVE-2015-20119
RealtyScript 4.0.2 Stored Cross-Site Scripting via text Para - CVE-2015-20118
RealtyScript 4.0.2 Stored Cross-Site Scripting via location_ - CVE-2015-20115
RealtyScript 4.0.2 Stored Cross-Site Scripting via File Uplo - CVE-2015-20116
RealtyScript 4.0.2 Stored Cross-Site Scripting via CSV File
Same vendor: Next Click Ventures
- CVE-2015-20120
RealtyScript 4.0.2 Multiple Time-based Blind SQL Injection - CVE-2015-20121
RealtyScript 4.0.2 SQL Injection via u_id and agent Paramete - CVE-2015-20119
RealtyScript 4.0.2 Stored Cross-Site Scripting via text Para - CVE-2015-20118
RealtyScript 4.0.2 Stored Cross-Site Scripting via location_ - CVE-2015-20115
RealtyScript 4.0.2 Stored Cross-Site Scripting via File Uplo
Same weakness: CWE-352
- CVE-2018-25334
Zechat 1.5 Cross-Site Request Forgery (CSRF) via hashtag par - CVE-2018-25337
Joomla JoomOCShop 1.0 Cross-Site Request Forgery - CVE-2018-25336
Joomla jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery - CVE-2018-25327
Joomla! Component Js Jobs 1.2.0 Cross-Site Request Forgery - CVE-2018-25321
TP-Link TL-WR720N All Versions CSRF via Administrative Inter
V. Comments for CVE-2015-20117
No comments yet