CVE-2018-25174
CSRF in ABC ERP 0.6.4 Allows Admin Credential Modification
Publication date: 2026-03-06
Last updated on: 2026-03-06
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| abc_erp | abc_erp | 0.6.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in ABC ERP version 0.6.4. The profile endpoint /admin/run/_configurar_perfil.php accepts state-changing POST requests without any proof that the logged-in administrator intended to send them. An attacker who lures an authenticated administrator to a page they control can therefore make the admin's browser submit a forged request, carrying the admin's own session cookie, that overwrites the administrator's credentials and profile.
The forged form or link supplies parameters such as usuario, contrasena1, contrasena2, nombre, email and old_usuario to change the admin account's username, password, name and email. The attacker never authenticates to the application; the flaw is that the application does not verify where the request came from (no CSRF token or origin check), which is CWE-352.
How can this vulnerability impact me?
This vulnerability can allow an attacker to change administrator credentials and profile details without authorization. This means an attacker could potentially take over the admin account, leading to unauthorized access and control over the system.
Such unauthorized changes can compromise the security and integrity of the ERP system, potentially leading to further exploitation, data manipulation, or disruption of business operations.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP POST requests to the endpoint /admin/run/_configurar_perfil.php that carry parameters such as usuario, contrasena1, contrasena2, nombre and email. Note that a CSRF request arrives with the victim administrator's valid session cookie, so "unauthenticated" is not the signal to look for; the signal is a state-changing POST whose Origin or Referer header is missing or points to a different site, and, once a token is deployed, a missing or invalid CSRF token.
One way to spot exploitation attempts is to capture and analyze web traffic for suspicious POST requests targeting the admin profile update functionality, or to review the web server's access log for the same requests.
- Use a network traffic analyzer (e.g., tcpdump or Wireshark) to filter HTTP POST requests to /admin/run/_configurar_perfil.php. Packet capture only shows plaintext HTTP; for HTTPS, inspect the web server's or reverse proxy's access log (including the Referer field) instead.
- Example tcpdump command (captures TCP segments on port 80 that carry a non-empty payload, then greps for the endpoint): tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '_configurar_perfil.php'
- Use curl to test whether the endpoint accepts a crafted POST with parameters similar to the exploit proof-of-concept. Sent without a session cookie, this only checks whether the endpoint requires authentication at all; to reproduce the CSRF itself, the same form must be submitted from a page on another origin while an administrator is logged in, and the admin's profile observed to change. Only do this against a system you are authorized to test.
- Example curl command to test: curl -X POST http://target/admin/run/_configurar_perfil.php -d 'usuario=attacker&contrasena1=pass&contrasena2=pass&nombre=attacker&email=<attacker-controlled address>&old_usuario=admin'
[1]
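As an added example (not code from this page or from ABC ERP), the following Python script applies the detection idea above to web-server access-log lines in the common "combined" format, which records the Referer: it flags POSTs to /admin/run/_configurar_perfil.php whose Referer is absent or belongs to an origin other than the ERP's own. The log lines, the ERP origin https://erp.example.com and the attacker host are constructed for the example. A missing Referer is a weak signal on its own (referrer policies can strip it), so treat hits as leads to investigate rather than confirmed attacks; if your proxy logs the Origin header, prefer that field.

```python
import re
from urllib.parse import urlsplit

# Endpoint named in the advisory for CVE-2018-25174.
TARGET_PATH = "/admin/run/_configurar_perfil.php"

# Apache/nginx "combined" format: client, identity, user, time, request, status, bytes, referer, user-agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    match = LOG_RE.match(line)
    return match.groupdict() if match else None


def referer_origin(referer):
    """Reduce a Referer URL to scheme://host[:port]; None when the header was absent ('-')."""
    if not referer or referer == "-":
        return None
    parts = urlsplit(referer)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def is_suspicious(entry, site_origin):
    """A POST to the profile endpoint whose Referer is missing or from another origin."""
    if entry["method"] != "POST":
        return False
    if urlsplit(entry["path"]).path != TARGET_PATH:
        return False
    return referer_origin(entry["referer"]) != site_origin.lower()


def scan(lines, site_origin):
    """Return (client IP, timestamp, referer) for every suspicious request in the lines."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and is_suspicious(entry, site_origin):
            hits.append((entry["ip"], entry["time"], entry["referer"]))
    return hits


# Constructed sample log lines (not real traffic); hosts and addresses are hypothetical.
SAMPLE_LOG = [
    # Legitimate submission from the ERP's own admin page: same-origin Referer.
    '203.0.113.5 - - [06/Mar/2026:10:00:01 +0000] "POST /admin/run/_configurar_perfil.php HTTP/1.1" 302 0 "https://erp.example.com/admin/" "Mozilla/5.0"',
    # Forged submission from an attacker-controlled lure page on another origin.
    '198.51.100.7 - - [06/Mar/2026:10:02:13 +0000] "POST /admin/run/_configurar_perfil.php HTTP/1.1" 302 0 "https://attacker.example/lure.html" "Mozilla/5.0"',
    # Forged submission with the Referer stripped.
    '198.51.100.7 - - [06/Mar/2026:10:02:14 +0000] "POST /admin/run/_configurar_perfil.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    # Harmless: a GET of the endpoint and a POST to a different path.
    '203.0.113.5 - - [06/Mar/2026:10:03:00 +0000] "GET /admin/run/_configurar_perfil.php HTTP/1.1" 200 1432 "https://erp.example.com/admin/" "Mozilla/5.0"',
    '203.0.113.5 - - [06/Mar/2026:10:03:30 +0000] "POST /admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, "https://erp.example.com"):
        print("suspicious profile change:", hit)
```

Run it against a real log with `scan(open("access.log"), "https://<your-erp-host>")`; the two forged lines in the sample are reported and the three benign ones are not.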
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include adding CSRF protection to the vulnerable endpoint: bind a random, per-session token to the profile form as a hidden field and reject any POST to /admin/run/_configurar_perfil.php whose token is missing or does not match the session's value, comparing it in constant time.
Additionally, make sure the endpoint is reachable only by authenticated, authorized administrators, and set the session cookie with the SameSite attribute (Lax or Strict) so that browsers do not attach it to cross-site POSTs. Authentication alone does not stop CSRF, because the forged request rides on the administrator's own session.
If possible, apply patches or updates from the vendor that address this vulnerability.
As a temporary measure, monitor for and block POST requests to this endpoint whose Origin or Referer header is absent or belongs to another site, for example at a reverse proxy or WAF in front of the application.
Educate administrators to avoid clicking untrusted links or submitting unfamiliar forms while logged in to the ERP, and to log out when finished, since the attack requires an active admin session.
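To make the token and origin checks above concrete, here is an added Python model of the profile endpoint in its vulnerable and hardened forms. It is not ABC ERP's code (the real endpoint is PHP, and the page does not show it); it uses the advisory's parameter names, a hypothetical deployment origin https://erp.example.com, and constructed session and form data. The vulnerable version honours any POST from a logged-in session; the hardened version additionally requires a same-origin Origin/Referer header and a per-session CSRF token that a page on another origin cannot read.

```python
import hashlib
import hmac
import secrets

# Assumed deployment origin of the ERP (hypothetical; the advisory does not name one).
ALLOWED_ORIGIN = "https://erp.example.com"


def issue_csrf_token(session):
    """Return the session's CSRF token, creating it on first use.
    The server embeds it in the profile form as a hidden field; a forged form on
    another origin cannot include it because that origin cannot read the page."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def origin_matches(headers):
    """Browsers attach Origin to cross-site POSTs; fall back to Referer.
    Requests carrying neither header are rejected."""
    origin = headers.get("Origin")
    if origin:
        return origin.lower() == ALLOWED_ORIGIN
    referer = headers.get("Referer")
    if referer:
        return referer.lower().startswith(ALLOWED_ORIGIN + "/")
    return False


def csrf_token_matches(session, form):
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    # Constant-time comparison so the check does not leak the token byte by byte.
    return bool(expected) and hmac.compare_digest(expected, supplied)


def _hash_password(password):
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt.hex() + "$" + digest.hex()


def _apply_profile_change(form, admin_record):
    """Write the submitted fields (the advisory's parameter names) to the admin record."""
    if form.get("contrasena1") != form.get("contrasena2"):
        return "password mismatch"
    admin_record["usuario"] = form["usuario"]
    admin_record["nombre"] = form["nombre"]
    admin_record["email"] = form["email"]
    admin_record["password_hash"] = _hash_password(form["contrasena1"])
    return "updated"


def vulnerable_update_profile(session, headers, form, admin_record):
    """The behaviour the advisory describes: a logged-in session is the only check,
    so any POST the admin's browser can be made to send is honoured."""
    if not session.get("admin_id"):
        return "login required"
    return _apply_profile_change(form, admin_record)


def hardened_update_profile(session, headers, form, admin_record):
    """Same endpoint with CSRF protection: origin check plus per-session token."""
    if not session.get("admin_id"):
        return "login required"
    if not origin_matches(headers):
        return "rejected: cross-site request"
    if not csrf_token_matches(session, form):
        return "rejected: missing or invalid CSRF token"
    return _apply_profile_change(form, admin_record)


def demo():
    """Replay a forged request against both versions; returns the three outcomes."""
    session = {"admin_id": 1}               # constructed admin session
    issue_csrf_token(session)               # the legitimate form would embed this value
    record = {"usuario": "admin", "nombre": "Admin", "email": "admin@example.com"}

    # What a lure page on another origin can make the admin's browser send: the
    # advisory's parameters and the admin's cookie (hence the session), but no token.
    forged_headers = {"Origin": "https://attacker.example"}
    forged_form = {"old_usuario": "admin", "usuario": "attacker", "contrasena1": "pass",
                   "contrasena2": "pass", "nombre": "attacker", "email": "attacker@example.net"}
    vulnerable_result = vulnerable_update_profile(session, forged_headers, forged_form, dict(record))
    hardened_result = hardened_update_profile(session, forged_headers, forged_form, dict(record))

    # A genuine submission from the ERP's own form carries the token and a same-origin header.
    genuine_headers = {"Origin": ALLOWED_ORIGIN}
    genuine_form = dict(forged_form, usuario="admin", nombre="Admin",
                        email="admin@example.com", csrf_token=session["csrf_token"])
    genuine_result = hardened_update_profile(session, genuine_headers, genuine_form, dict(record))
    return vulnerable_result, hardened_result, genuine_result


if __name__ == "__main__":
    print(demo())
```

The forged request is accepted by the vulnerable endpoint and rejected by the hardened one at the origin check; a forged request that somehow carried a matching Origin would still fail on the token. In PHP the same structure is a hidden input filled from $_SESSION, compared with hash_equals(), plus a check of the Origin/Referer headers before the UPDATE runs.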