{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2165", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-07T09:11:41.742Z", "datePublished": "2026-02-08T16:32:14.426Z", "dateUpdated": "2026-02-23T09:44:57.398Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T09:44:57.398Z"}, "title": "detronetdip E-commerce Account Creation Endpoint add_seller.php missing authentication", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-306", "lang": "en", "description": "Missing Authentication"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-287", "lang": "en", "description": "Improper Authentication"}]}], "affected": [{"vendor": "detronetdip", "product": "E-commerce", "versions": [{"version": "1.0.0", "status": "affected"}], "cpes": ["cpe:2.3:a:detronetdip:e-commerce:*:*:*:*:*:*:*:*"], "modules": ["Account Creation Endpoint"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/assets/backend/seller/add_seller.php of the component Account Creation Endpoint. Executing a manipulation of the argument email can lead to missing authentication. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-02-07T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-07T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-19T21:31:09.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Nixon-H (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.344867", "name": "VDB-344867 | detronetdip E-commerce Account Creation Endpoint add_seller.php missing authentication", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.344867", "name": "VDB-344867 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.751857", "name": "Submit #751857 | detronetdip E-commerce 1.0 Access Control Violation", "tags": ["third-party-advisory"]}, {"url": "https://github.com/detronetdip/E-commerce/issues/23", "tags": ["issue-tracking"]}, {"url": "https://github.com/Nixon-H/Unauthenticated-Admin-Account-Creation", "tags": ["exploit"]}, {"url": "https://github.com/detronetdip/E-commerce/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-09T21:10:36.093631Z", "id": "CVE-2026-2165", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T21:10:43.323Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2165", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-09T21:10:36.093631Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T21:10:40.294Z"}}], "cna": {"title": "detronetdip E-commerce Account Creation Endpoint add_seller.php missing authentication", "credits": [{"lang": "en", "type": "reporter", "value": "Nixon-H (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:a:detronetdip:e-commerce:*:*:*:*:*:*:*:*"], "vendor": "detronetdip", "modules": ["Account Creation Endpoint"], "product": "E-commerce", "versions": [{"status": "affected", "version": "1.0.0"}]}], "timeline": [{"lang": "en", "time": "2026-02-07T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-07T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-19T21:31:09.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.344867", "name": "VDB-344867 | detronetdip E-commerce Account Creation Endpoint add_seller.php missing authentication", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.344867", "name": "VDB-344867 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.751857", "name": "Submit #751857 | detronetdip E-commerce 1.0 Access Control Violation", "tags": ["third-party-advisory"]}, {"url": "https://github.com/detronetdip/E-commerce/issues/23", "tags": ["issue-tracking"]}, {"url": "https://github.com/Nixon-H/Unauthenticated-Admin-Account-Creation", "tags": ["exploit"]}, {"url": "https://github.com/detronetdip/E-commerce/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/assets/backend/seller/add_seller.php of the component Account Creation Endpoint. Executing a manipulation of the argument email can lead to missing authentication. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "Missing Authentication"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "Improper Authentication"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T09:44:57.398Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2165", "state": "PUBLISHED", "dateUpdated": "2026-02-23T09:44:57.398Z", "dateReserved": "2026-02-07T09:11:41.742Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-08T16:32:14.426Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:detronetdip:e-commerce:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C36062CE-323B-47C8-BFD8-BC932DBD1A52", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/assets/backend/seller/add_seller.php of the component Account Creation Endpoint. Executing a manipulation of the argument email can lead to missing authentication. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."}, {"lang": "es", "value": "Se ha identificado una debilidad en detronetdip E-commerce 1.0.0. Se ve afectada una funci\u00f3n desconocida del archivo /Admin/assets/backend/seller/add_seller.PHP del componente Punto final de creaci\u00f3n de cuenta. La ejecuci\u00f3n de una manipulaci\u00f3n del argumento email puede llevar a una falta de autenticaci\u00f3n. El ataque puede ejecutarse de forma remota. El exploit se ha puesto a disposici\u00f3n del p\u00fablico y podr\u00eda usarse para ataques. Se inform\u00f3 al proyecto del problema con antelaci\u00f3n a trav\u00e9s de un informe de incidencias, pero a\u00fan no ha respondido."}], "id": "CVE-2026-2165", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-08T17:15:58.593", "references": [{"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://github.com/Nixon-H/Unauthenticated-Admin-Account-Creation"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://github.com/detronetdip/E-commerce/"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Mitigation", "Vendor Advisory"], "url": "https://github.com/detronetdip/E-commerce/issues/23"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.344867"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.344867"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.751857"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}, {"lang": "en", "value": "CWE-306"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T13:12:37.775327+00:00", "value": {"mitigation_remediation": ["If a newer release of detronetdip E\u2011commerce that implements authentication checks for add_seller.php exists, deploy it.", "Insert an explicit authentication and administrator\u2011privilege check into the add_seller.php script so only logged\u2011in administrators can invoke the endpoint.", "Configure the web server or firewall to deny public HTTP access to /Admin/assets/backend/seller/add_seller.php until the authentication verification is in place."], "summary": {"action": "Restrict Access", "impact": "Unauthorized seller account creation enabling privileged roles"}, "threat_synthesis": {"affected_systems": "The affected product is detronetdip\u2019s E\u2011commerce 1.0.0, specifically the add_seller.php file located under /Admin/assets/backend/seller/ which handles the creation of seller accounts via a backend endpoint.", "description_and_impact": "A flaw in detronetdip\u2019s E\u2011commerce 1.0.0 allows attackers to bypass authentication when they call the /Admin/assets/backend/seller/add_seller.php endpoint by manipulating the email parameter, creating seller accounts without verification. The vulnerability is an Authentication Bypass (CWE\u2011287) and Missing Authentication (CWE\u2011306) that can be triggered remotely with crafted HTTP requests, granting an attacker the ability to assume a seller role and potentially access sensitive data or perform other privileged actions within the application.", "risk_and_exploitability": "The CVSS score of 6.9 indicates moderate severity, while the EPSS score of less than 1% suggests a low but non\u2011zero likelihood of exploitation. The vulnerability is not listed in CISA\u2019s KEV catalog, yet code to exercise the flaw is publicly available on GitHub. Attackers can exploit the remote access vector by sending crafted requests to the endpoint, potentially creating multiple unauthorized seller accounts and enabling further compromise or privilege escalation."}}}}, "created": "2026-02-09T10:39:59.618574+00:00", "updated": "2026-04-18T13:15:25.719190+00:00", "vendors": ["detronetdip", "detronetdip$PRODUCT$e-commerce"]}