CVE-2019-25682

Medium CVSS: 5.3

CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting crafted pages that submit POST requests to the users.php endpoint with parameters like source=add_user, source=edit_user, or del=1 to create, modify, or delete admin accounts.

Vendor

Product

CWE

CWE-352

Yayın Tarihi

2026-04-05 21:16:46

Güncelleme

2026-04-07 13:20:35

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-352 MEDIUM 2026

Referanslar

https://github.com/VictorAlagwu/CMSsite https://www.exploit-db.com/exploits/46480 https://www.vulncheck.com/advisories/cmssite-cross-site-request-forgery-via-users-php