CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Description
Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create unauthorized user accounts and administrative users by crafting malicious forms. Attackers can submit hidden form data to /admin/addusers.php and /admin/editadmins.php endpoints to register new users with arbitrary credentials and escalate privileges to SUPERUSER level.
Analysis
RealtyScript 4.0.2 contains a cross-site request forgery (CSRF) vulnerability in its user management endpoints that allows unauthenticated attackers to create arbitrary user accounts and escalate privileges to SUPERUSER level without ever authenticating themselves. The vulnerability affects the /admin/addusers.php and /admin/editadmins.php endpoints, which process hidden form data without CSRF token validation. An attacker can craft malicious web pages or emails containing hidden forms that, when visited by an authenticated administrator, silently create new administrative accounts under the attacker's control, leading to complete system compromise.
Technical Context
The vulnerability is rooted in CWE-352 (Cross-Site Request Forgery), a class of attacks where an application fails to validate that state-changing requests originate from the legitimate user rather than from an attacker-controlled source. RealtyScript 4.0.2, a property management/real estate application developed by Next Click Ventures, implements administrative user management functions in /admin/addusers.php and /admin/editadmins.php without anti-CSRF protections such as cryptographic tokens, SameSite cookie attributes, or Origin/Referer validation. The affected product is specifically identified under the real estate software category. When a user with administrative privileges visits a malicious webpage, the browser automatically includes session cookies in requests to the RealtyScript domain, allowing the attacker to perform privileged actions such as creating SUPERUSER accounts without the administrator's knowledge or consent. Because the application never validates request origin, it processes form submissions regardless of their true source, making this a classic POST-based CSRF attack vector.
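The following is an added example, not RealtyScript code or anything from the vendor, showing the three protections named above (a per-session synchronizer token, SameSite session cookies, and Origin/Referer checking) as a guard a PHP endpoint such as /admin/addusers.php could call before performing any write. Function names, the hostname realty.example and the session-key names are assumptions chosen for illustration; it assumes PHP 7.3 or later for the array form of session_set_cookie_params().

```php
<?php
// Added example (not RealtyScript code): synchronizer-token CSRF protection
// plus SameSite cookies and an origin check for a state-changing admin page.
// Assumes PHP >= 7.3 and PHP's native session handling; names are hypothetical.

declare(strict_types=1);

// Issue the session cookie so browsers will not attach it to cross-site requests.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,      // only sent over HTTPS
    'httponly' => true,      // not readable from JavaScript
    'samesite' => 'Strict',  // never sent on cross-site navigations or form posts
]);
session_start();

// Return the per-session token, generating a random one on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden input to embed in every form that changes state (e.g. the add-user form).
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Compare the submitted token with the session copy in constant time.
function csrf_valid(?string $submitted): bool
{
    if ($submitted === null || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// Defence in depth: the Origin header (or Referer as a fallback) must name this site.
function same_origin_request(string $expectedHost): bool
{
    $source = $_SERVER['HTTP_ORIGIN'] ?? $_SERVER['HTTP_REFERER'] ?? '';
    $host = parse_url($source, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

// Call at the top of addusers.php / editadmins.php before touching the database.
// Fails closed: anything that is not a POST carrying a valid token from this site is refused.
function require_csrf_protection(string $expectedHost): void
{
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST'
        || !csrf_valid($_POST['csrf_token'] ?? null)
        || !same_origin_request($expectedHost)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token');
    }
}

// Usage in a hypothetical endpoint:
// require_csrf_protection('realty.example');
// ... only now create or modify the account from $_POST ...
// and in the form template that posts to it:
// echo csrf_field();
```

The token check is the primary control; the SameSite attribute and the origin check are layered on because either alone can be bypassed by old browsers or stripped headers. Note that the origin check fails closed when both Origin and Referer are absent, so administrators using privacy extensions that strip those headers will need them allowed for the application's own host.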
Affected Products
Next Click Ventures RealtyScript version 4.0.2 is confirmed affected. This is a real estate management software platform commonly used by property management companies and real estate brokers. The vulnerability has been publicly identified and disclosed for this specific version. Users of RealtyScript 4.0.2 should immediately check vendor advisories and security bulletins from Next Click Ventures for available patches or mitigations, as this version is explicitly documented as vulnerable to CSRF attacks on administrative endpoints.
Remediation
The primary remediation is to upgrade RealtyScript to a patched version released after 4.0.2 that implements CSRF protections. Contact Next Click Ventures immediately to obtain a security update or patch for version 4.0.2, or upgrade to the latest stable release if available. As immediate compensating controls pending patching: implement SameSite=Strict cookie attributes on all session cookies to prevent cross-site cookie transmission, enforce HTTPS-only connections (Secure flag), deploy a Web Application Firewall (WAF) to detect and block suspicious cross-origin form submissions, require multi-factor authentication for all administrative accounts to limit the impact of unauthorized admin account creation, and educate administrative users not to click links or visit untrusted websites while logged into RealtyScript. Additionally, review recent audit logs for suspicious user account creation events that may indicate past exploitation, and consider implementing CSRF tokens on all state-changing endpoints as a code-level fix if vendor patches are delayed.
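To support the audit-log review suggested above, here is an added example, not code from vuln.today or the vendor, that scans web server access logs in the Apache/nginx combined format for POST requests to the two affected endpoints whose Referer is absent or names a different site, which is what a cross-site form submission typically looks like in the log. The log lines embedded in the script are constructed samples, and the hostname realty.example and the function names are assumptions.

```php
<?php
// Added example (not RealtyScript or vuln.today code): flag POSTs to the
// affected admin endpoints whose Referer is missing or belongs to another site.
// Sample log lines are constructed; the site host and function names are assumed.

declare(strict_types=1);

const WATCHED_PATHS = ['/admin/addusers.php', '/admin/editadmins.php'];

// Parse one combined-format log line into its fields, or return null if it does not match.
function parse_combined_line(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    return [
        'ip'      => $m[1],
        'time'    => $m[2],
        'method'  => $m[3],
        'path'    => parse_url($m[4], PHP_URL_PATH) ?? $m[4],  // drop any query string
        'status'  => (int) $m[5],
        'referer' => $m[6],
        'ua'      => $m[7],
    ];
}

// Return every POST to a watched endpoint whose Referer host is not $siteHost.
// A "-" Referer (header absent) is also flagged, since the legitimate admin form
// on the same site would normally set it.
function suspicious_admin_posts(array $lines, string $siteHost): array
{
    $hits = [];
    foreach ($lines as $line) {
        $req = parse_combined_line($line);
        if ($req === null || $req['method'] !== 'POST'
            || !in_array($req['path'], WATCHED_PATHS, true)) {
            continue;
        }
        $refHost = $req['referer'] === '-' ? null : parse_url($req['referer'], PHP_URL_HOST);
        if (!is_string($refHost) || strcasecmp($refHost, $siteHost) !== 0) {
            $hits[] = $req;
        }
    }
    return $hits;
}

// Constructed sample: one legitimate same-site post, one cross-site post,
// one post with no Referer at all, and a harmless GET.
$sample = [
    '203.0.113.5 - - [10/Mar/2015:10:01:02 +0000] "POST /admin/addusers.php HTTP/1.1" 302 0 "https://realty.example/admin/addusers.php" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2015:10:07:44 +0000] "POST /admin/addusers.php HTTP/1.1" 302 0 "http://attacker.invalid/promo.html" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2015:10:09:10 +0000] "POST /admin/editadmins.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2015:10:12:00 +0000] "GET /admin/addusers.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
];

// Prints the second and third lines; correlate the timestamps with the
// application's own user table to see whether an account was actually created.
foreach (suspicious_admin_posts($sample, 'realty.example') as $hit) {
    printf("[%s] %s POST %s referer=%s\n",
        $hit['time'], $hit['ip'], $hit['path'], $hit['referer']);
}
```

Run it against a real log by replacing `$sample` with `file('/path/to/access.log', FILE_IGNORE_NEW_LINES)`. A missing Referer is not proof of exploitation, since some clients strip the header, so treat hits as leads to confirm against the application's user records and administrator activity for that time window.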
EUVD-2015-9415