CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-25186

Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to modify admin user credentials by submitting forged POST requests to the profile endpoint. Attackers can craft HTML forms targeting the /kim/profile endpoint with hidden fields containing malicious user data like passwords and email addresses to update administrator accounts without authentication.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 7.1%

CVSS Severity

CVSS v3 Score 5.3

References

https://www.exploit-db.com/exploits/45834
https://www.vulncheck.com/advisories/tina-stack-cross-site-request-forgery-via-profile

Products affected by CVE-2018-25186

Tina4 » Tina4 Stack » Version: 1.0.3

cpe:2.3:a:tina4:tina4_stack:1.0.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-25186

Products

Pricing

Contact Us