CVE-2018-25200
6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L
Summary
OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and role set to administrative privileges to gain unauthorized access.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Zsoft | OOP CMS BLOG | 1.0 | affected |
Weaknesses
- CWE-352: Cross-Site Request Forgery (CSRF)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
References
- https://www.exploit-db.com/exploits/45794
- https://www.vulncheck.com/advisories/oop-cms-blog-cross-site-request-forgery-via-adduserphp
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.