CVE-2018-25397
Deferred Deferred - Pending Action
Cross-Site Request Forgery in PHP-SHOP 1.0 Allows Admin Creation

Publication date: 2026-05-29

Last updated on: 2026-05-29

Assigner: VulnCheck

Description
PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that automatically submits POST requests to the users.php endpoint with parameters like name, email, password, and permissions set to admin to create unauthorized admin accounts.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-29
Last Modified
2026-05-29
Generated
2026-06-19
AI Q&A
2026-05-29
EPSS Evaluated
2026-06-18
NVD
CVE-2018-25397
EUVD
EUVD-2018-21919
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

PHP-SHOP 1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows unauthenticated attackers to create unauthorized administrative user accounts.

The attack works by tricking authenticated administrators into visiting a malicious webpage containing a hidden HTML form. This form automatically submits POST requests to the users.php endpoint with parameters such as name, email, password, and admin-level permissions.

As a result, the attacker can add new admin users without needing direct access to the system.

Impact Analysis

This vulnerability can lead to unauthorized creation of administrative user accounts in PHP-SHOP 1.0.

An attacker can gain administrative privileges by exploiting this flaw, potentially allowing them to control the application, modify data, and perform actions reserved for legitimate administrators.

Since the attack requires tricking an authenticated administrator into visiting a malicious page, it relies on social engineering.

Detection Guidance

This vulnerability can be detected by monitoring for unexpected POST requests to the users.php endpoint, especially those that attempt to create new administrative users with parameters like name, email, password, and permissions set to admin.

Network or web server logs can be inspected for suspicious POST requests targeting the admin/users.php endpoint with parameters indicating user creation or privilege escalation.

Suggested commands include using tools like grep or tcpdump to filter logs or network traffic for such POST requests.

  • grep -i 'POST /admin/users.php' /var/log/apache2/access.log
  • tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
  • grep -i 'name=.*&email=.*&password=.*&permissions=admin' /var/log/apache2/access.log
Mitigation Strategies

Immediate mitigation steps include implementing CSRF protection mechanisms such as adding CSRF tokens to forms that perform administrative actions.

Restrict access to the users.php endpoint to authenticated and authorized users only, and validate all incoming requests to ensure they originate from legitimate sources.

Educate administrators to avoid clicking on suspicious links or visiting untrusted web pages while logged into the admin panel.

If possible, update or patch the PHP-SHOP application to a version that addresses this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25397. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart