CVE-2015-20117 in RealtyScript
Summary
by MITRE • 03/16/2026
Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create unauthorized user accounts and administrative users by crafting malicious forms. Attackers can submit hidden form data to /admin/addusers.php and /admin/editadmins.php endpoints to register new users with arbitrary credentials and escalate privileges to SUPERUSER level.
Analysis
by VulDB Data Team • 03/20/2026
This cross-site request forgery vulnerability in Next Click Ventures RealtyScript version 4.0.2 represents a critical security flaw that undermines the application's authentication and authorization mechanisms. The vulnerability exists because the administrative endpoints, specifically the /admin/addusers.php and /admin/editadmins.php pages, perform no request-origin validation and carry no anti-CSRF tokens. Attackers can exploit this weakness by crafting malicious HTML forms that automatically submit requests to these endpoints without user consent, effectively bypassing the normal authentication flow. The flaw allows unauthenticated adversaries to register new user accounts with arbitrary credentials and escalate their privileges to the highest administrative level, which constitutes a severe privilege escalation vulnerability.
The technical implementation of this CSRF attack exploits the trust relationship between the web application and its users. When legitimate administrative users navigate to pages containing malicious links or embedded forms, their browsers automatically submit requests to the vulnerable endpoints, attaching the administrator's existing session cookie, so the application processes the forged request as if the administrator had made it, without any further interaction or re-authentication on their part. This behavior stems from the application's failure to implement proper CSRF protection mechanisms such as synchronizer tokens or origin validation checks. The vulnerability is particularly dangerous because it allows attackers to create accounts with administrative privileges, effectively granting them complete control over the application's user management system and potentially the entire underlying infrastructure.
The operational impact of this vulnerability extends beyond simple account creation, as it enables full administrative access to the RealtyScript application. Attackers can not only add new users but also modify existing user accounts, delete critical data, and manipulate the application's core functionality. This privilege escalation capability means that an attacker who successfully exploits this vulnerability can essentially take complete control of the web application, potentially leading to data breaches, service disruption, and unauthorized access to sensitive information. The vulnerability affects the application's integrity and confidentiality properties, as it allows unauthorized modifications to the user database and administrative configurations.
Security mitigations for this vulnerability should focus on robust CSRF protection throughout the application. The primary recommendation is anti-CSRF tokens that are generated for each user session and validated on every state-changing request to administrative endpoints. Additionally, the application should perform proper Origin checking and Referer header validation to ensure that requests originate from legitimate sources within the application. The system should also enforce strict authentication requirements for all administrative functions and apply proper session management controls. Organizations should consider deploying web application firewalls and monitoring for suspicious activities related to user account creation and privilege escalation attempts. This vulnerability aligns with CWE-352, which specifically addresses Cross-Site Request Forgery, and maps to ATT&CK technique T1078 for valid accounts and T1548 for privilege escalation, emphasizing the need for comprehensive security controls to prevent unauthorized access and maintain application integrity.
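As an added illustration of the two controls recommended above (a per-session synchronizer token plus Origin/Referer validation), the following Python gate is not RealtyScript code and is framework-agnostic rather than PHP; the SITE_ORIGIN value and the dict shapes for the session, form fields and request headers are assumptions for the example. It rejects a forged cross-origin form post of the kind described in this advisory while admitting a legitimate admin submission carrying the token.

```python
import hmac
import secrets
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Hypothetical origin of the admin panel; a real deployment uses its own scheme://host.
SITE_ORIGIN = "https://realty.example"


def issue_csrf_token(session: Dict) -> str:
    """Create a synchronizer token once per session and return it for embedding in forms."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def request_origin(headers: Dict[str, str]) -> Optional[str]:
    """Origin of the request: the Origin header, else the Referer's origin, else None."""
    origin = headers.get("Origin")
    if origin:
        return origin.rstrip("/")
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}"
    return None


def check_state_change(session: Dict, form: Dict, headers: Dict[str, str]) -> Tuple[bool, str]:
    """Gate for a state-changing admin request such as adding or editing users.

    Returns (allowed, reason). The request must come from an authenticated admin
    session, from the site's own origin, and carry the session's token; a request
    with neither Origin nor Referer is rejected rather than waved through.
    """
    if not session.get("admin_id"):
        return False, "not an authenticated admin session"
    origin = request_origin(headers)
    if origin is None:
        return False, "no Origin or Referer header; cannot verify source"
    if origin != SITE_ORIGIN:
        return False, f"cross-origin request from {origin}"
    expected = session.get("csrf_token")
    supplied = str(form.get("csrf_token", ""))
    # Constant-time comparison on bytes so the token check leaks no timing information.
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"
```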