CVE-2020-10130

HIGH

SearchBlox < 9.1 - Unauthenticated Business Logic Bypass for Super Admin Creation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-10130. PoCs published by InfoSec4Fun.

AI-analyzed exploit summary This repository contains a writeup describing CVE-2020-10130, a business logic bypass vulnerability in SearchBlox before version 9.1. The vulnerability allows an attacker to create multiple SuperAdmin users, potentially leading to unauthorized access and privilege escalation.

Description

SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system.

Exploits (1)

nomisec WRITEUP

by InfoSec4Fun · poc

https://github.com/InfoSec4Fun/CVE-2020-10130

View Code ZIP pw:eip

This repository contains a writeup describing CVE-2020-10130, a business logic bypass vulnerability in SearchBlox before version 9.1. The vulnerability allows an attacker to create multiple SuperAdmin users, potentially leading to unauthorized access and privilege escalation.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: SearchBlox before version 9.1

Auth required

Prerequisites: Access to the admin interface URL

MITRE ATT&CK

T1556.004 - Network Device Authentication

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Release Notes

https://developer.searchblox.com/v9.2/changelog/version-91

Scores

CVSS v3 8.8

EPSS 0.0078

EPSS Percentile 51.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-639

Status published

Products (1)

searchblox/searchblox < 9.1

Published Sep 06, 2023

Tracked Since Feb 18, 2026