CVE-2018-17389

HIGH

Live Call Support Application 1.5 - Cross-Site Request Forgery in server.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-17389. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in Live Call Support 1.5, allowing an attacker to add an admin user via a crafted POST request. The PoC includes both raw HTTP requests and an HTML form to trigger the vulnerability.

Description

CSRF exists in server.php in Live Call Support Application 1.5 for adding an admin account.

Exploits (1)

exploitdb WORKING POC

by Ihsan Sencan · textwebappsphp

https://www.exploit-db.com/exploits/46140

View Code ZIP pw:eip

This exploit demonstrates a CSRF vulnerability in Live Call Support 1.5, allowing an attacker to add an admin user via a crafted POST request. The PoC includes both raw HTTP requests and an HTML form to trigger the vulnerability.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Live Call Support 1.5

No auth needed

Prerequisites: Access to the target application's server.php endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/author/?a=8844

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/exploits/46140

Scores

CVSS v3 8.8

EPSS 0.0091

EPSS Percentile 55.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-352

Status published

Products (1)

ranksol/live_call_support 1.5

Published Jun 19, 2019

Tracked Since Feb 18, 2026