Unrated severityNVD Advisory· Published Mar 15, 2026· Updated Mar 16, 2026
RealtyScript 4.0.2 Cross-Site Request Forgery Unauthorized User Creation
CVE-2015-20117
Description
Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create unauthorized user accounts and administrative users by crafting malicious forms. Attackers can submit hidden form data to /admin/addusers.php and /admin/editadmins.php endpoints to register new users with arbitrary credentials and escalate privileges to SUPERUSER level.
Affected products
2- Range: = 4.0.2
- Next Click Ventures/RealtyScriptv5Range: 4.0.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.exploit-db.com/exploits/38496mitreexploit
- www.vulncheck.com/advisories/realtyscript-cross-site-request-forgery-unauthorized-user-creationmitrethird-party-advisory
- www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5269.phpmitrethird-party-advisory
News mentions
0No linked articles in our index yet.