Unrated severityNVD Advisory· Published Mar 15, 2026· Updated Mar 16, 2026
RealtyScript 4.0.2 Cross-Site Request Forgery Unauthorized User Creation
CVE-2015-20117
Description
Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create unauthorized user accounts and administrative users by crafting malicious forms. Attackers can submit hidden form data to /admin/addusers.php and /admin/editadmins.php endpoints to register new users with arbitrary credentials and escalate privileges to SUPERUSER level.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2= 4.0.2+ 1 more
- (no CPE)range: = 4.0.2
- (no CPE)range: 4.0.2
Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/38496mitreexploit
- www.vulncheck.com/advisories/realtyscript-cross-site-request-forgery-unauthorized-user-creationmitrethird-party-advisory
- www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5269.phpmitrethird-party-advisory
News mentions
0No linked articles in our index yet.