CVE-2018-25190
CSRF in Easyndexer 1.0 Enables Unauthorized Admin Account Creation
Publication date: 2026-03-06
Last updated on: 2026-03-16
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rul10 | easyndexer | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
Easyndexer 1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to create administrative accounts without authentication.
Attackers can craft malicious web pages that submit forged POST requests to the createuser.php script, specifying parameters such as username, password, name, surname, and setting privileges to 1 to gain administrator access.
This vulnerability exists because the application lacks CSRF protections on the user creation functionality.
How can this vulnerability impact me? :
An attacker can exploit this vulnerability to create unauthorized administrator accounts, gaining full administrative privileges on the affected system.
This unauthorized access can lead to privilege escalation, allowing attackers to control the application, modify data, and potentially compromise the entire system.
Additionally, the database file generaldb.db is accessible without authentication, enabling attackers to download sensitive data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for unauthorized POST requests to the createuser.php endpoint with parameters that create new users, especially those with privileges set to 1 (administrator).'}, {'type': 'paragraph', 'content': 'You can use network traffic analysis tools like tcpdump or Wireshark to capture and inspect HTTP POST requests targeting /src/createuser.php.'}, {'type': 'list_item', 'content': "Example tcpdump command to capture HTTP POST requests to createuser.php: tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'POST /src/createuser.php'"}, {'type': 'list_item', 'content': "Use curl or similar tools to test if the endpoint accepts POST requests without authentication: curl -X POST http://target/src/createuser.php -d 'username=test&password=test&name=Test&surname=User&privileges=1'"}, {'type': 'paragraph', 'content': 'Additionally, check if the database file generaldb.db is accessible via direct GET requests, which indicates exposure of sensitive data.'}, {'type': 'list_item', 'content': 'Example curl command to check database file access: curl http://target/databases/generaldb.db'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing CSRF protections on the createuser.php endpoint to prevent unauthorized POST requests from being accepted.
Restrict access to the createuser.php script so that only authenticated and authorized users can create new accounts.
Remove or restrict public access to the generaldb.db database file to prevent unauthorized downloads.
As a temporary measure, monitor and block suspicious POST requests targeting createuser.php that attempt to create users with administrative privileges.