CVE-2019-25682
CSRF in CMSsite 1.0 Enables Unauthorized Admin Account Manipulation
Publication date: 2026-04-05
Last updated on: 2026-04-09
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| victoralagwu | cmssite | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25682 is a cross-site request forgery (CSRF) vulnerability in CMSsite 1.0. It allows attackers to perform unauthorized administrative actions by tricking authenticated administrators into visiting maliciously crafted web pages. These pages contain HTML forms that automatically submit POST requests to the users.php endpoint with parameters that can create, modify, or delete admin accounts.
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to gain unauthorized control over administrative accounts in CMSsite 1.0. Specifically, attackers can create new admin users, modify existing ones, or delete admin accounts without proper authorization. This can lead to unauthorized access, potential data manipulation, and loss of control over the CMS.
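A detection-side illustration of the forged POST requests to users.php described above, added here and not part of the original record or of CMSsite: it scans web-server access logs for POSTs to users.php whose Referer is absent or names another host. The combined log format, the host name cms.example.test, the /admin/ path and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit

SITE_HOST = "cms.example.test"  # assumption: host the CMS is served from

# Assumption: Apache/nginx "combined" access-log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def classify(line, site_host=SITE_HOST):
    """Return None for irrelevant lines, else (verdict, ip, ts, referer)."""
    m = LINE_RE.match(line.strip())
    if not m or m["method"] != "POST":
        return None
    if not m["target"].split("?", 1)[0].lower().endswith("/users.php"):
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        verdict = "missing-referer"  # can be a privacy setting: review it
    else:
        try:  # exact hostname match, so look-alike prefixes do not pass
            host = (urlsplit(referer).hostname or "").lower()
        except ValueError:
            host = ""
        verdict = "same-site" if host == site_host.lower() else "cross-site"
    return verdict, m["ip"], m["ts"], referer

def suspicious(lines, site_host=SITE_HOST):
    """Return POSTs to users.php that did not originate from the site itself."""
    hits = (classify(line, site_host) for line in lines)
    return [h for h in hits if h and h[0] != "same-site"]

# Constructed sample lines (documentation addresses, invented hosts and paths).
SAMPLE = [
    '198.51.100.4 - - [05/Apr/2026:10:01:00 +0000] "POST /admin/users.php HTTP/1.1" 302 512 "https://cms.example.test/admin/users.php" "Mozilla/5.0"',
    '198.51.100.4 - - [05/Apr/2026:10:02:00 +0000] "POST /admin/users.php HTTP/1.1" 302 512 "https://news.example.org/story.html" "Mozilla/5.0"',
    '198.51.100.4 - - [05/Apr/2026:10:03:00 +0000] "POST /admin/users.php HTTP/1.1" 302 512 "https://cms.example.test.lookalike.example/promo.html" "Mozilla/5.0"',
    '198.51.100.9 - - [05/Apr/2026:10:04:00 +0000] "POST /admin/users.php HTTP/1.1" 302 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [05/Apr/2026:10:05:00 +0000] "GET /admin/users.php HTTP/1.1" 200 4096 "https://news.example.org/story.html" "Mozilla/5.0"',
    '198.51.100.9 - - [05/Apr/2026:10:06:00 +0000] "POST /contact.php HTTP/1.1" 200 128 "https://news.example.org/story.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for verdict, ip, ts, referer in suspicious(SAMPLE):
        print(f"{verdict:16} {ip:15} {ts}  referer={referer}")
```

A hit is a lead for review rather than proof, since browsers can omit the Referer header. CWE-352 is closed by verifying a per-request anti-CSRF token on the endpoint, not by log review.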