CVE-2018-25186 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to modify admin user credentials by submitting forged POST requests…
Medium CVSS: 6.9

CVE-2018-25186

Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to modify admin user credentials by submitting forged POST requests to the profile endpoint. Attackers can craft HTML forms targeting the /kim/profile endpoint with hidden fields containing malicious user data like passwords and email addresses to update administrator accounts without authentication.
Vendor
Tina4
Product
Tina4 Stack
CWE
CWE-352
Yayın Tarihi
2026-03-06 13:16:01
Güncelleme
2026-03-16 19:13:34
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-352 Tina4 Stack MEDIUM Tina4 2026

Referanslar

https://www.exploit-db.com/exploits/45834 https://www.vulncheck.com/advisories/tina-stack-cross-site-request-forgery-via-profile