CVE-2018-25168 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by…
Medium CVSS: 5.3

CVE-2018-25168

Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attackers can forge requests to the /public/admin/user/submitnew endpoint with user creation parameters to add new admin accounts without requiring CSRF tokens or user interaction.
Vendor
-
Product
-
CWE
CWE-434
Yayın Tarihi
2026-03-06 13:15:57
Güncelleme
2026-03-09 13:35:34
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-434 MEDIUM 2026

Referanslar

https://www.exploit-db.com/exploits/45860 https://www.vulncheck.com/advisories/precurio-intranet-portal-cross-site-request-forgery-add-admin