CVE-2018-25200
Published: 06 March 2026
Summary
CVE-2018-25200 is a medium-severity CSRF (CWE-352) vulnerability in Tomalofficial Php Oop Cms Blog. Its CVSS base score is 5.3 (Medium).
Operationally, ranked at the 23.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Awareness training educates users on avoiding untrusted links and actions that can be exploited via CSRF.
Requiring user re-entry of credentials for sensitive actions prevents automated forgery of requests without active user participation.
Security testing regimens explicitly include checks for missing or ineffective anti-CSRF protections in web applications.
Detects anomalous request patterns consistent with cross-site request forgery.
NVD Description
OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and role…
more
set to administrative privileges to gain unauthorized access.
Deeper analysisAI
CVE-2018-25200 is a cross-site request forgery (CSRF) vulnerability, classified under CWE-352, affecting OOP CMS BLOG version 1.0. The flaw resides in the addUser.php endpoint, which lacks proper CSRF protections, enabling attackers to submit malicious POST requests with parameters such as userName, password, email, and role to create new user accounts. The vulnerability received a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N), indicating medium severity with network accessibility, low attack complexity, no privileges or user interaction required, and impact limited to integrity.
Unauthenticated attackers can exploit this vulnerability remotely by crafting and inducing victims to submit forged POST requests to the vulnerable endpoint. By setting the role parameter to administrative privileges, attackers can create fully privileged user accounts, allowing them to log in subsequently and gain unauthorized access to the CMS, potentially leading to full administrative control over the application.
Advisories and related resources, including an exploit proof-of-concept on Exploit-DB (https://www.exploit-db.com/exploits/45794) and a detailed advisory from Vulncheck (https://www.vulncheck.com/advisories/oop-cms-blog-cross-site-request-forgery-via-adduserphp), document the issue but do not specify patches or mitigations in the available details. Security practitioners should review these references for implementation guidance and consider upgrading or applying custom CSRF tokens to affected endpoints.
Details
- CWE(s)