CVE-2018-25200 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting ma…
Medium CVSS: 6.9

CVE-2018-25200

OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and role set to administrative privileges to gain unauthorized access.
Vendor
Tomalofficial
Product
Php Oop Cms Blog
CWE
CWE-352
Yayın Tarihi
2026-03-06 13:16:03
Güncelleme
2026-03-11 00:35:37
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-352 Php Oop Cms Blog MEDIUM Tomalofficial 2026

Referanslar

https://www.exploit-db.com/exploits/45794 https://www.vulncheck.com/advisories/oop-cms-blog-cross-site-request-forgery-via-adduserphp