CVE-2018-25186

MEDIUM

Tina4 Stack 1.0.3 - CSRF

Title source: llm

Description

Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to modify admin user credentials by submitting forged POST requests to the profile endpoint. Attackers can craft HTML forms targeting the /kim/profile endpoint with hidden fields containing malicious user data like passwords and email addresses to update administrator accounts without authentication.

Exploits (1)

exploitdb WORKING POC

by Ihsan Sencan · textwebappsphp

https://www.exploit-db.com/exploits/45834

View Code ZIP pw:eip

References (2)

Core 2

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/45834

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/tina-stack-cross-site-request-forgery-via-profile

Scores

CVSS v3 5.3

EPSS 0.0003

EPSS Percentile 7.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (1)

tina4/tina4_stack 1.0.3

Published Mar 06, 2026

Tracked Since Mar 06, 2026