Vaelsys V4 Improper Authorization Vulnerability in User Creation Handler
Vulnerability
A critical vulnerability exists in Vaelsys version 4.1.0, specifically within the User Creation Handler component. The issue arises from improper authorization in the file '/grid/vgrid_server.php', allowing remote attackers to create unauthorized user accounts, including those with administrative privileges. Exploitation involves sending crafted POST requests to the vulnerable endpoint, bypassing all authentication and authorization controls. A valid PHP session ID is required for exploitation.
Impact
Exploitation of this vulnerability allows for unauthorized user creation, including users with administrative rights.
Reproduction
To reproduce this vulnerability, send a POST request to the '/grid/vgrid_server.php' endpoint with the 'xajax' parameter set to 'save'. Include the 'xajaxargs' parameter with a crafted XML query that specifies the username, password, and other required fields. The absence of proper authorization checks will result in the creation of the specified user account.
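Detection example (added here, not part of the original advisory or of Vaelsys code): a log check that flags POST requests to '/grid/vgrid_server.php' carrying 'xajax=save' and an 'xajaxargs' parameter when they come from hosts that do not normally administer users. The JSON-lines log schema, the ADMIN_SOURCES allowlist and the sample records are assumptions constructed for illustration.

```python
import json
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/grid/vgrid_server.php"   # endpoint named in the advisory
ADMIN_SOURCES = {"10.0.0.5"}          # assumption: hosts used for user administration

# Constructed sample records; field names are an assumed reverse-proxy log schema.
SAMPLE_LOG = "\n".join([
    '{"ts":"2024-05-01T09:00:00Z","src":"10.0.0.5","method":"POST","url":"/grid/vgrid_server.php","body":"xajax=save&xajaxargs=PLACEHOLDER"}',
    '{"ts":"2024-05-01T09:05:00Z","src":"203.0.113.7","method":"POST","url":"/grid/vgrid_server.php?r=1","body":"xajax=save&xajaxargs=PLACEHOLDER"}',
    '{"ts":"2024-05-01T09:06:00Z","src":"203.0.113.7","method":"POST","url":"/grid/vgrid_server.php","body":"xajax=list"}',
    '{"ts":"2024-05-01T09:07:00Z","src":"198.51.100.2","method":"GET","url":"/grid/vgrid_server.php?xajax=save","body":""}',
    'not json',
])

def is_save_call(record):
    """True for a POST to the endpoint with xajax=save and an xajaxargs parameter."""
    if str(record.get("method", "")).upper() != "POST":
        return False
    parts = urlsplit(str(record.get("url", "")))
    if parts.path != ENDPOINT:
        return False
    # Merge parameters from the query string and the form-encoded body.
    params = parse_qs(parts.query, keep_blank_values=True)
    body = parse_qs(str(record.get("body", "")), keep_blank_values=True)
    for key, values in body.items():
        params.setdefault(key, []).extend(values)
    has_args = any(key.startswith("xajaxargs") for key in params)
    return "save" in params.get("xajax", []) and has_args

def find_suspect_user_creation(log_text, admin_sources=ADMIN_SOURCES):
    """Return (ts, src) for each save call whose source is not in admin_sources."""
    hits = []
    for line in log_text.splitlines():
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if not isinstance(record, dict) or not is_save_call(record):
            continue
        if record.get("src") not in admin_sources:
            hits.append((record.get("ts"), record.get("src")))
    return hits

if __name__ == "__main__":
    for ts, src in find_suspect_user_creation(SAMPLE_LOG):
        print(f"{ts} user-creation call from unexpected source {src}")
```

Each hit should be compared against the application's user list to see whether an account was created at that time.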
