CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-25200

OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and role set to administrative privileges to gain unauthorized access.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.3%

CVSS Severity

CVSS v3 Score 5.3

References

https://www.exploit-db.com/exploits/45794
https://www.vulncheck.com/advisories/oop-cms-blog-cross-site-request-forgery-via-adduserphp

Products affected by CVE-2018-25200

Tomalofficial » Php Oop Cms Blog » Version: 1.0

cpe:2.3:a:tomalofficial:php_oop_cms_blog:1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-25200

Products

Pricing

Contact Us