cve/2018/CVE-2018-18922.md

### [CVE-2018-18922](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18922)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request.

### POC

#### Reference
- https://0day.today/exploit/31658
- https://hackpuntes.com/cve-2018-18922-ticketly-1-0-escalacion-de-privilegios-crear-cuenta-administrador/
- https://medium.com/@javierolmedo/cve-2018-18922-ticketly-1-0-privilege-escalation-add-admin-4d1b3696f367
- https://www.exploit-db.com/exploits/45892

#### Github
- https://github.com/JavierOlmedo/JavierOlmedo
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-18922](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18922)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request.`

			`### POC`

			`#### Reference`
			`- https://0day.today/exploit/31658`
			`- https://hackpuntes.com/cve-2018-18922-ticketly-1-0-escalacion-de-privilegios-crear-cuenta-administrador/`
			`- https://medium.com/@javierolmedo/cve-2018-18922-ticketly-1-0-privilege-escalation-add-admin-4d1b3696f367`
			`- https://www.exploit-db.com/exploits/45892`

			`#### Github`
			`- https://github.com/JavierOlmedo/JavierOlmedo`