CVE-2018-25200

MEDIUM

OOP CMS BLOG 1.0 - CSRF

Title source: llm

Description

OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and role set to administrative privileges to gain unauthorized access.

Exploits (1)

exploitdb WORKING POC

by Ihsan Sencan · textwebappsphp

https://www.exploit-db.com/exploits/45794

View Code ZIP pw:eip

References (2)

Core 2

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/45794

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/oop-cms-blog-cross-site-request-forgery-via-adduserphp

Scores

CVSS v3 5.3

EPSS 0.0008

EPSS Percentile 23.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (1)

tomalofficial/php_oop_cms_blog 1.0

Published Mar 06, 2026

Tracked Since Mar 06, 2026