Arbitrary User Account Creation with Administrator Privileges in Plixer International Scrutinizer NetFlow & sFlow Analyzer
CVE-2012-1258 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allow remote attackers to add user accounts with administrator privileges via the newuser, pwd, and selectedUserGroup parameters.
Learn more about our User Device Pen Test.