CVE-2018-25186
CSRF in Tina4 1.0.3 Allows Admin Credential Modification
Publication date: 2026-03-06
Last updated on: 2026-03-16
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tina4 | tina4_stack | 1.0.3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2018-25186 is a Cross-Site Request Forgery (CSRF) vulnerability in Tina4 Stack version 1.0.3. It allows attackers to modify administrator user credentials by submitting forged POST requests to the /kim/profile endpoint without authentication.

Attackers can craft malicious HTML forms that automatically submit data such as passwords, email addresses, and other profile details to update admin accounts silently when an authenticated user visits the attacker's page. [1]
How can this vulnerability impact me?
This vulnerability can allow attackers to take over administrator accounts by changing their credentials without authorization.
- Unauthorized modification of admin user details such as password and email.
- Potential loss of control over the affected application due to compromised admin accounts.
- Increased risk of further exploitation or unauthorized access within the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized POST requests to the /kim/profile endpoint that attempt to modify administrative user details without proper authentication.

One way to detect exploitation attempts is to capture and analyze HTTP traffic for suspicious POST requests containing parameters like txtUSER_ID, txtFIRST_NAME, txtLAST_NAME, txtEMAIL, txtPASSWORD, txtSTATUS, and txtCREATED targeting the /kim/profile path.

For example, using command-line tools such as curl or tcpdump can help identify such requests.
- Use tcpdump or Wireshark to capture HTTP POST requests to /kim/profile: `tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/kim/profile'`
- Use curl to manually test the endpoint with crafted POST data to see if unauthorized updates are accepted: `curl -v -X POST http://<target>/kim/profile -F 'txtUSER_ID=1' -F 'txtFIRST_NAME=attacker' -F 'txtLAST_NAME=changed' -F '[email protected]' -F 'txtPASSWORD=newpass' -F 'txtSTATUS=active' -F 'txtCREATED=2026-01-01'` [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing CSRF protections on the /kim/profile endpoint to prevent unauthorized POST requests from being accepted.
This can be done by adding anti-CSRF tokens to forms and validating them on the server side.
Additionally, restricting access to the profile update functionality to authenticated and authorized users only, and validating the origin of requests can help mitigate the risk.
If possible, update or patch the Tina4 Stack software to a version that addresses this vulnerability.
As a temporary measure, monitoring and blocking suspicious POST requests to /kim/profile at the network or application firewall level can reduce exposure.
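As an added example (not Tina4's own code), the following Python sketch combines the mitigations above (a session-bound anti-CSRF token validated server side, plus an Origin/Referer check) with the detection advice (flagging POSTs to /kim/profile that carry the txt* profile fields). The endpoint path and field names come from this advisory; the site origin, session layout, header names and the sample requests are assumed and constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://admin.example.test"  # assumed origin of the Tina4 admin UI
PROFILE_FIELDS = {"txtUSER_ID", "txtFIRST_NAME", "txtLAST_NAME", "txtEMAIL",
                  "txtPASSWORD", "txtSTATUS", "txtCREATED"}  # parameters named in the advisory

def issue_csrf_token(session: dict) -> str:
    """Mint a per-session token; the profile form embeds it as a hidden field."""
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]

def reject_reason(session: dict, headers: dict, form: dict):
    """Why a POST to /kim/profile must be refused, or None if it may proceed."""
    if not session.get("user_id"):
        return "no authenticated session"
    # Browsers attach Origin (or at least Referer) to cross-site form POSTs.
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return "missing Origin/Referer"
    p = urlsplit(source)
    if f"{p.scheme}://{p.netloc}" != SITE_ORIGIN:
        return f"cross-site request from {p.scheme}://{p.netloc}"
    # The token must match the session copy; compare in constant time.
    expected = session.get("csrf_token", "")
    supplied = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return "missing or invalid anti-CSRF token"
    return None

def flag_profile_posts(requests: list) -> list:
    """Triage helper: a verdict for each POST to /kim/profile carrying profile fields."""
    out = []
    for r in requests:
        if r["method"] == "POST" and urlsplit(r["path"]).path == "/kim/profile" \
                and PROFILE_FIELDS & set(r["form"]):
            why = reject_reason(r["session"], r["headers"], r["form"])
            out.append(why or "ok")
    return out

# Constructed sample (assumed layout): the admin's own update, then a forged POST
# riding the same session cookie but submitted from another site's page.
_admin = {"user_id": 1}
_tok = issue_csrf_token(_admin)
SAMPLE_REQUESTS = [
    {"method": "POST", "path": "/kim/profile", "session": _admin, "headers": {"Origin": SITE_ORIGIN},
     "form": {"txtUSER_ID": "1", "txtEMAIL": "admin@example.test", "csrf_token": _tok}},
    {"method": "POST", "path": "/kim/profile", "session": _admin, "headers": {"Origin": "https://evil.example.test"},
     "form": {"txtUSER_ID": "1", "txtPASSWORD": "changed"}},
]
```

Running `flag_profile_posts(SAMPLE_REQUESTS)` returns "ok" for the first request and the cross-site rejection for the second; the same `reject_reason` check is what the endpoint itself should enforce before touching the user record.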