CVE-2018-25397
Cross-Site Request Forgery in PHP-SHOP 1.0 Allows Admin Creation
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
PHP-SHOP 1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows unauthenticated attackers to create unauthorized administrative user accounts.
The attack works by tricking authenticated administrators into visiting a malicious webpage containing a hidden HTML form. This form automatically submits POST requests to the users.php endpoint with parameters such as name, email, password, and admin-level permissions.
As a result, the attacker can add new admin users without needing direct access to the system.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized creation of administrative user accounts in PHP-SHOP 1.0.
An attacker can gain administrative privileges by exploiting this flaw, potentially allowing them to control the application, modify data, and perform actions reserved for legitimate administrators.
Since the attack requires tricking an authenticated administrator into visiting a malicious page, it relies on social engineering.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unexpected POST requests to the users.php endpoint, especially those that attempt to create new administrative users with parameters like name, email, password, and permissions set to admin.
Network or web server logs can be inspected for suspicious POST requests targeting the admin/users.php endpoint with parameters indicating user creation or privilege escalation.
Suggested commands include using tools like grep or tcpdump to filter logs or network traffic for such POST requests.
- grep -i 'POST /admin/users.php' /var/log/apache2/access.log
- tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
- grep -i 'name=.*&email=.*&password=.*&permissions=admin' /var/log/apache2/access.log
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing CSRF protection mechanisms such as adding CSRF tokens to forms that perform administrative actions.
Restrict access to the users.php endpoint to authenticated and authorized users only, and validate all incoming requests to ensure they originate from legitimate sources.
Educate administrators to avoid clicking on suspicious links or visiting untrusted web pages while logged into the admin panel.
If possible, update or patch the PHP-SHOP application to a version that addresses this vulnerability.