CVE-2018-18797

HIGH

School Attendance Monitoring System 1.0 - Cross-Site Request Forgery via User Edit Endpoint

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-18797. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary: This exploit demonstrates a Cross-Site Request Forgery (CSRF) vulnerability in School Attendance Monitoring System 1.0, allowing an attacker to update admin credentials without proper session validation. The PoC includes an HTML form and HTTP request to modify the admin account.

Description

School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php.

Exploits (1)

exploitdb WORKING POC
by Ihsan Sencan · text · webapps · php
https://www.exploit-db.com/exploits/45725

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: School Attendance Monitoring System 1.0
No auth needed
Prerequisites: Victim must be authenticated and tricked into submitting the form
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45725/

Scores

CVSS v3 8.8
EPSS 0.0238
EPSS Percentile 81.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-352
Status: published
Products (1)
school_attendance_monitoring_system_project/school_attendance_monitoring_system 1.0
Published Nov 16, 2018
Tracked Since Feb 18, 2026