CVE-2018-25200
Status: Received - Intake
CSRF in OOP CMS BLOG 1.0 Allows Admin Account Creation

Publication date: 2026-03-06

Last updated on: 2026-03-11

Assigner: VulnCheck

Description
OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and role set to administrative privileges to gain unauthorized access.
Meta Information
Generated: 2026-05-06
AI Q&A generated: 2026-03-06
EPSS evaluated: 2026-05-05
Affected Vendors & Products
Vendor: tomalofficial
Product: php_oop_cms_blog
Version / Range: 1.0
CWE
CWE-352: The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability in OOP CMS BLOG 1.0 is a Cross-Site Request Forgery (CSRF) flaw that allows attackers to create administrative user accounts without authentication.

Attackers can craft malicious POST requests to the addUser.php endpoint, submitting parameters such as userName, password, email, and role set to administrative privileges.

Because the application lacks CSRF protections like anti-CSRF tokens or request validation, an attacker can trick an authenticated administrator into unknowingly submitting this malicious form, thereby creating a new admin user covertly.


How can this vulnerability impact me?

This vulnerability can allow unauthorized attackers to gain administrative access to the CMS by creating new admin user accounts without proper authorization.

With administrative privileges, attackers can potentially control the website, modify content, access sensitive data, or perform other malicious actions that compromise the integrity and security of the system.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring HTTP POST requests to the admin/addUser.php endpoint of the OOP CMS BLOG 1.0 application. Specifically, look for POST requests that include parameters such as userName, password, email, and role set to administrative privileges (role=0).

You can use network traffic analysis tools or web server logs to identify suspicious POST requests that attempt to create new users with administrative roles without proper authorization.

Example commands to detect such activity include:

  • Using tcpdump to capture HTTP POST requests to addUser.php: tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'POST /admin/addUser.php'
  • Using grep on web server access logs to find suspicious POST requests: grep 'POST /admin/addUser.php' /var/log/apache2/access.log | grep 'role=0'
  • Using a web application firewall (WAF) or intrusion detection system (IDS) to alert on POST requests to addUser.php with parameters indicating user creation with admin privileges.
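As an added example, not part of this advisory and not code from the OOP CMS BLOG project, the following PHP script applies the same access-log check to a few constructed log lines. It assumes the Apache/Nginx combined log format and a site hostname of blog.example. One caveat the grep command above glosses over: the combined format records only the request line, not the POST body, so role=0 is visible only when it was sent in the query string. The script therefore also flags a missing or off-site Referer on the POST, which is a typical sign of a cross-site submission.

```php
<?php
// Added example (not code from OOP CMS BLOG): scan access-log lines for
// POSTs to addUser.php. Sample lines below are constructed for this example.
declare(strict_types=1);

// Combined log format:
// client - user [time] "METHOD PATH PROTO" status size "referer" "user-agent"
const LOG_RE = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"/';

// Parse one log line into its fields, or return null when it does not match.
function parseLogLine(string $line): ?array
{
    if (!preg_match(LOG_RE, $line, $m)) {
        return null;
    }
    return ['ip' => $m[1], 'time' => $m[2], 'method' => $m[3], 'path' => $m[4],
            'status' => (int)$m[5], 'referer' => $m[6], 'ua' => $m[7]];
}

// Return a reason string when the request is a POST to addUser.php, else null.
// The POST body is not logged, so role=0 can only be seen in the query string;
// a missing or foreign Referer is reported as an additional CSRF signal.
function classify(array $req, string $siteHost): ?string
{
    if ($req['method'] !== 'POST' || !str_contains($req['path'], 'addUser.php')) {
        return null;
    }
    $reasons = ['POST to addUser.php'];

    $query = parse_url($req['path'], PHP_URL_QUERY) ?: '';
    parse_str($query, $params);
    if (($params['role'] ?? null) === '0') {          // role=0: admin per the Q&A above
        $reasons[] = 'role=0 in query string';
    }

    $refHost = parse_url($req['referer'], PHP_URL_HOST); // null for "-" or empty
    if ($refHost !== $siteHost) {
        $reasons[] = 'Referer missing or off-site';
    }
    return implode('; ', $reasons);
}

// Run the classifier over all lines and collect the hits.
function scan(array $lines, string $siteHost): array
{
    $hits = [];
    foreach ($lines as $line) {
        $req = parseLogLine($line);
        if ($req === null) {
            continue;
        }
        $why = classify($req, $siteHost);
        if ($why !== null) {
            $hits[] = ['ip' => $req['ip'], 'time' => $req['time'], 'why' => $why];
        }
    }
    return $hits;
}

// Constructed sample lines: one benign GET, two suspicious POSTs, one on-site POST.
$sample = [
    '203.0.113.7 - - [06/Mar/2026:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [06/Mar/2026:10:00:05 +0000] "POST /admin/addUser.php HTTP/1.1" 302 0 "http://evil.example/" "Mozilla/5.0"',
    '198.51.100.4 - - [06/Mar/2026:10:01:00 +0000] "POST /admin/addUser.php?role=0 HTTP/1.1" 302 0 "-" "curl/8.0"',
    '192.0.2.9 - - [06/Mar/2026:10:02:00 +0000] "POST /admin/addUser.php HTTP/1.1" 302 0 "http://blog.example/admin/users.php" "Mozilla/5.0"',
];

// Usage: php scan_adduser.php [/var/log/apache2/access.log]
if (PHP_SAPI === 'cli') {
    $lines = $argc > 1 ? file($argv[1], FILE_IGNORE_NEW_LINES) : $sample;
    foreach (scan($lines, 'blog.example') as $h) {
        printf("%s %s %s\n", $h['time'], $h['ip'], $h['why']);
    }
}
```

The script needs PHP 8 (str_contains). Run without arguments it reports three hits: the two cross-site POSTs with their reasons and the on-site POST with only the "POST to addUser.php" reason, which is what a legitimate admin action looks like in the log and is worth correlating against the admin's own activity.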


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include implementing CSRF protections on the addUser.php endpoint to prevent unauthorized POST requests from being accepted.

Specifically, you should:

  • Add anti-CSRF tokens to forms that perform user creation and verify these tokens on the server side.
  • Restrict access to the addUser.php endpoint to authenticated and authorized users only.
  • Monitor and audit logs for suspicious user creation activity.
  • If possible, temporarily disable the user creation functionality until proper protections are in place.
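The following PHP is an added example, not code from OOP CMS BLOG 1.0, showing how the first two steps fit together: a per-session anti-CSRF token that is embedded in the user-creation form and verified server-side with a constant-time comparison, plus a check that the caller is an authenticated administrator before the endpoint does anything. Function names, the session array layout, and the use of role 0 for administrators (the value the detection answer on this page reports) are assumptions.

```php
<?php
// Added example (not code from OOP CMS BLOG): a hardened gate for addUser.php.
// The session is passed in as an array so the logic can be exercised offline;
// in the application itself $_SESSION would be passed by reference.
declare(strict_types=1);

const ADMIN_ROLE = 0; // assumption: role=0 is the admin role, per this page's Q&A

// Issue a random token once per session and reuse it for later forms.
function csrfToken(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Compare the submitted token with the session copy in constant time.
function csrfTokenValid(array $session, ?string $submitted): bool
{
    if (empty($session['csrf_token']) || $submitted === null) {
        return false;
    }
    return hash_equals($session['csrf_token'], $submitted);
}

// Decide whether a POST to addUser.php may proceed.
// Returns null when allowed, otherwise a short reason for refusing.
function rejectAddUser(array $session, array $post): ?string
{
    // Step 2 of the mitigation list: only an authenticated admin may create users.
    if (empty($session['user_id']) || ($session['role'] ?? null) !== ADMIN_ROLE) {
        return 'not an authenticated administrator';
    }
    // Step 1: the request must carry the token that this session's form embedded.
    if (!csrfTokenValid($session, $post['csrf_token'] ?? null)) {
        return 'missing or invalid CSRF token';
    }
    foreach (['userName', 'password', 'email'] as $field) {
        if (!isset($post[$field]) || $post[$field] === '') {
            return "missing field $field";
        }
    }
    return null;
}

// Render the form with the token as a hidden field so real submissions carry it.
function renderAddUserForm(array &$session): string
{
    $token = htmlspecialchars(csrfToken($session), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="addUser.php">'
         . '<input type="hidden" name="csrf_token" value="' . $token . '">'
         . '<input name="userName"><input name="password" type="password">'
         . '<input name="email"><input name="role" value="1">'
         . '<button>Create</button></form>';
}

// Self-check with constructed data (run: php harden_adduser.php).
if (PHP_SAPI === 'cli') {
    $session = ['user_id' => 1, 'role' => ADMIN_ROLE];
    $token = csrfToken($session);

    // A forged cross-site POST has every field the endpoint wants except the token.
    $forged = ['userName' => 'x', 'password' => 'x', 'email' => 'x@example.com', 'role' => ADMIN_ROLE];
    assert(rejectAddUser($session, $forged) === 'missing or invalid CSRF token');

    // The same POST submitted from the rendered form carries the token and passes.
    $legit = $forged + ['csrf_token' => $token];
    assert(rejectAddUser($session, $legit) === null);

    // Without an admin session the token alone is not enough.
    assert(rejectAddUser([], $legit) === 'not an authenticated administrator');
    echo "checks passed\n";
}
```

Two points on the design: hash_equals avoids leaking token bytes through timing, and the admin check runs before the token check so an unauthenticated request never learns whether its token guess was close. Note that values read from a real $_SESSION or database may be strings, so the strict comparison against ADMIN_ROLE should match whatever type the application actually stores. Setting the session cookie with SameSite=Lax adds a second, independent barrier against cross-site POSTs.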
