CVE-2018-25174

MEDIUM

ABC ERP 0.6.4 - CSRF

Title source: llm

Description

ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows attackers to modify administrator credentials by submitting forged requests to _configurar_perfil.php. Attackers can craft malicious forms or links containing parameters like usuario, contrasena1, contrasena2, nombre, and email to change admin account settings without authentication.

Exploits (1)

exploitdb WORKING POC

by Ihsan Sencan · textwebappsphp

https://www.exploit-db.com/exploits/45836

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/45836

[Third Party Advisory] https://www.vulncheck.com/advisories/abc-erp-cross-site-request-forgery-via-configurar-perfilphp

Scores

CVSS v3 5.3

EPSS 0.0002

EPSS Percentile 3.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Classification

CWE

CWE-352

Status draft

Timeline

Published Mar 06, 2026

Tracked Since Mar 06, 2026