Vulnerabilities > Schben > High

DATE CVE VULNERABILITY TITLE RISK
2019-08-06 CVE-2019-14347 Forced Browsing vulnerability in Schben Adive
Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script.
network
low complexity
schben CWE-425
8.8
8.8
2019-08-06 CVE-2019-14346 Cross-Site Request Forgery (CSRF) vulnerability in Schben Adive 2.0.7
Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password.
network
low complexity
schben CWE-352
8.8
8.8