CVE-2023-37759

CRITICAL

Crypto Currency Tracker < 9.5 - Unauthenticated Admin Registration via User Registration Page

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-37759. PoCs published by 0xBr.

AI-analyzed exploit summary: This exploit demonstrates an unauthenticated admin account creation vulnerability in Crypto Currency Tracker (CCT) 9.5 by sending a crafted POST request to the registration endpoint with a role_id of 1 (admin). The request bypasses authentication and creates an admin account.

Description

Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request.

Exploits (1)

exploitdb WORKING POC
by 0xBr · text · webapps · php
https://www.exploit-db.com/exploits/51688

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Crypto Currency Tracker (CCT) <=9.5
No auth needed
Prerequisites: Network access to the target application · Valid XSRF-TOKEN and laravel_session cookies · Valid reCAPTCHA response
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 9.8
EPSS: 0.0375
EPSS Percentile: 88.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-284
Status: published
Products (1): trendylogics/crypto_currency_tracker < 9.5
Published: Sep 08, 2023
Tracked Since: Feb 18, 2026