CVE-2020-10130 - SearchBlox Product before V-9.1 is vulnerable to Business logic bypass# CVE-2020-10130 - SearchBlox Product before V-9.1 is vulnerable to Business logic bypass
**Product Description:** SearchBlox simplifies enterprise search for complex organizations. SearchBlox intuitive and intelligent tools offer out-of-the-box setup, secure encryption, and low total cost of ownership. AI-powered solutions optimize each step of the search journey to dramatically improve engagement. SearchBlox is the easy choice for leaders in financial services, healthcare, and government.
**Description:** SearchBlox before Version 9.1 is vulnerable to Business logic bypass where the user is able to create multiple super Admin users in the system.
**Vulnerability Type:** Business logic bypass where a user is able to create multiple SuperAdmin users in the system
**Severity Rating:** High
**Vendor of Product:** SearchBlox
**Affected Product Code Base:** SearchBlox-9.1
**Affected Component:** SearchBlox product with version before 9.1 is vulnerable to business logic bypass where a user is able to create multiple SuperAdmin users in the system.
**Attack Type:** Remote
**Impact Information Disclosure:** True
**Attack Vectors:** To exploit this vulnerability attacker must use the below URL
(http://<Web-Interface-URLs>/searchblox/admin/main.jsp)
**Has the vendor confirmed or acknowledged the vulnerability?:** True
**Reference:** [Version 9.1 (searchblox.com) ](https://developer.searchblox.com/v9.2/changelog/version-91)
**Exploit Author:** Amar Kaldate
**Contact:** [ Amar Kaldate | LinkedIn ](https://www.linkedin.com/in/amar-kaldate/)
[4.0K] /data/pocs/b839b3511f0c9b6dca7390bc5d58e075686c069b
└── [1.5K] README.md
0 directories, 1 file