utilities/register.asp in Nukedit 4.9.6 and previous versions allows remote malicious users to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
nukedit nukedit |
||
nukedit nukedit 4.9.2 |
||
nukedit nukedit 4.9.3 |
||
nukedit nukedit 4.9.0 |
||
nukedit nukedit 4.9.1 |