Description
Rainworx AuctionWorx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade their own account to admin and gain access to the AuctionWorx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://www.rainworx.com/
Exploit, Third Party Advisory x_refsource_misc
https://ebereorisi.com/blog/account-privilege-upgrade-on-auctionworx-software-cve-2022-23904/
Scores
CVSS v3
8.0
EPSS
0.0043
EPSS Percentile
34.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (1)
rainworx/auctionworx
< 3.1 (2 CPE variants)
Published
May 02, 2022
Tracked Since
Feb 18, 2026