Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Description (CVE.org)
Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create unauthorized user accounts and administrative users by crafting malicious forms. Attackers can submit hidden form data to /admin/addusers.php and /admin/editadmins.php endpoints to register new users with arbitrary credentials and escalate privileges to SUPERUSER level.
Analysis (AI)
RealtyScript 4.0.2 ships its administrative user-management endpoints, /admin/addusers.php and /admin/editadmins.php, without cross-site request forgery (CSRF) protection. Both accept state-changing form submissions on the strength of the session cookie alone: there is no anti-CSRF token and no check of where the request originated. The attacker needs no credentials of their own, but the attack does require a logged-in administrator as the victim. The attacker hosts a page (or emails a link to one) containing a hidden, auto-submitting form aimed at those endpoints; when the administrator loads it, the browser attaches the administrator's session cookie, and the application silently creates a new account, or promotes an existing one, at SUPERUSER level under the attacker's control. A SUPERUSER account gives full control of the installation. The NVD vector shown above (PR:N/UI:N, integrity impact Low) does not reflect this mechanism: a CSRF needs the victim to load attacker content, and creation of a SUPERUSER account is a high integrity impact, so treat the severity that vector implies as an underestimate.
Technical Context (AI)
The weakness is CWE-352 (Cross-Site Request Forgery): the application does not verify that a state-changing request was intentionally issued by the authenticated user rather than by a page under someone else's control. RealtyScript 4.0.2, a real-estate listing and property management application by Next Click Ventures, implements its administrative user functions in /admin/addusers.php and /admin/editadmins.php with none of the usual defences: no per-session or per-request token bound to the form, no SameSite restriction on the session cookie, and no validation of the Origin or Referer header. Because browsers attach cookies to a request based on the destination, not on which site built the form, an administrator who loads an attacker-controlled page while logged in causes a POST to the RealtyScript domain that carries a valid admin session. The server cannot tell that POST apart from one submitted through its own admin UI, so it creates the SUPERUSER account the hidden fields specify, with no interaction or consent from the administrator. The attacker never sees the session cookie; they only need the victim's browser to send it.
Remediation (AI)
The primary remediation is a vendor fix: contact Next Click Ventures for a patched build, or upgrade to the latest RealtyScript release if one newer than 4.0.2 is available. If a patch is not forthcoming, the code-level fix is straightforward and should be applied to every state-changing endpoint, not only the two named here: embed an unpredictable per-session (or per-form) token in each form, verify it server-side with a constant-time comparison before acting, and reject POSTs whose Origin (or, failing that, Referer) header does not match the application's own origin. Compensating controls while that is pending: set SameSite=Lax on the session cookie, which blocks cross-site POSTs in current browsers without breaking normal top-level navigation (Strict is safer but can log administrators out when they follow links into the application; PHP supports session.cookie_samesite from 7.3, otherwise set the cookie attribute explicitly); require multi-factor authentication for administrative accounts so that an attacker-created account is harder to use; consider a WAF rule that drops POSTs to /admin/ whose Origin or Referer is foreign or absent; and advise administrators to log out of RealtyScript before browsing untrusted sites. The Secure flag and HTTPS-only access are good hygiene but do not mitigate CSRF. Finally, review user and admin tables and any audit logs for unexpected account creation or privilege changes, since exploitation leaves nothing unusual in the request logs beyond, at most, a foreign Referer.
EUVD-2015-9415