CVE-2019-18651

MEDIUM

3xLogic Infinias Access Control <=6.6.9586.0 - CSRF

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-18651. PoCs published by crypt0crc.

AI-analyzed exploit summary This repository provides a functional proof-of-concept for CVE-2019-18651, a CSRF vulnerability in Infinias Access Control (IntelliM) that allows an attacker to delete user accounts via a crafted HTML form or URL. The PoC includes specific exploit code and technical details about the vulnerability.

Description

A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias Access Control through 6.6.9586.0 allows remote attackers to execute malicious and unauthorized actions (e.g., delete application users) by sending a crafted HTML document or encoded URL to a user that the website trusts. The user needs to have an active privileged session.

Exploits (1)

gitlab WORKING POC
by crypt0crc · poc
https://gitlab.com/crypt0crc/cve-2019-18651

This repository provides a functional proof-of-concept for CVE-2019-18651, a CSRF vulnerability in Infinias Access Control (IntelliM) that allows an attacker to delete user accounts via a crafted HTML form or URL. The PoC includes specific exploit code and technical details about the vulnerability.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Infinias Access Control (IntelliM) version 6.6.9586.0 and lower
Auth required
Prerequisites: Victim must be logged into the IntelliM web console · Attacker must trick the victim into visiting a malicious site or clicking a crafted URL
devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://gitlab.com/crypt0crc/cve-2019-18651

Scores

CVSS v3 6.5
EPSS 0.0071
EPSS Percentile 48.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-352
Status published
Products (1)
3xlogic/infinias_access_control_firmware < 6.6.9586.0
Published Nov 14, 2019
Tracked Since Feb 18, 2026