Vulnerability Details CVE-2023-37759
Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.035
EPSS Ranking 87.1%
CVSS Severity
CVSS v3 Score 9.8
References
- https://codecanyon.net/item/crypto-currency-tracker-prices-charts-news-icos-info-and-more/21588008
- https://packetstormsecurity.com/files/174240/Crypto-Currency-Tracker-CCT-9.5-Add-Administrator.html
- https://tregix.com/
- https://codecanyon.net/item/crypto-currency-tracker-prices-charts-news-icos-info-and-more/21588008
- https://packetstormsecurity.com/files/174240/Crypto-Currency-Tracker-CCT-9.5-Add-Administrator.html
- https://tregix.com/
Products affected by CVE-2023-37759
-
cpe:2.3:a:trendylogics:crypto_currency_tracker:6.0
-
cpe:2.3:a:trendylogics:crypto_currency_tracker:7.0
-
cpe:2.3:a:trendylogics:crypto_currency_tracker:8
-
cpe:2.3:a:trendylogics:crypto_currency_tracker:9
-
cpe:2.3:a:trendylogics:crypto_currency_tracker:9.1
-
cpe:2.3:a:trendylogics:crypto_currency_tracker:9.2
-
cpe:2.3:a:trendylogics:crypto_currency_tracker:9.3
-
cpe:2.3:a:trendylogics:crypto_currency_tracker:9.4
-
cpe:2.3:a:trendylogics:crypto_currency_tracker:9.5