CVE-2018-25200

OOP CMS BLOG 1.0 Cross-Site Request Forgery via addUser.php

CVSS 6.9 MEDIUMEPSS 0.2%CWE-352

OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and role set to administrative privileges to gain unauthorized access.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

Produtos afetados

Zsoft · OOP CMS BLOG

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.exploit-db.com/exploits/45794 https://www.vulncheck.com/advisories/oop-cms-blog-cross-site-request-forgery-via-adduserphp