CVE-2023-37759

CRITICAL

Trendylogics Crypto Currency Tracker < 9.5 - Improper Access Control

Title source: rule

Description

Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request.

Exploits (1)

exploitdb WORKING POC

by 0xBr · textwebappsphp

https://www.exploit-db.com/exploits/51688

View Code ZIP pw:eip

References (3)

[Product] https://codecanyon.net/item/crypto-currency-tracker-prices-charts-news-icos-info-and-more/21588008

[Exploit, Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/174240/Crypto-Currency-Tracker-CCT-9.5-Add-Administrator.html

[Not Applicable] https://tregix.com/

Scores

CVSS v3 9.8

EPSS 0.0302

EPSS Percentile 86.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-284

Status published

Products (1)

trendylogics/crypto_currency_tracker < 9.5

Published Sep 08, 2023

Tracked Since Feb 18, 2026