CVE-2018-13445 in SeaCMS
Summary
by MITRE
An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/admin_manager.php?action=add.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 02/26/2020
The vulnerability identified as CVE-2018-13445 represents a critical cross-site request forgery weakness within SeaCMS version 6.61. This flaw exists in the administrative user management component of the content management system, specifically within the adm1n/admin_manager.php file where the add action is processed. The vulnerability allows unauthenticated attackers to perform administrative actions on behalf of legitimate users without their knowledge or consent, potentially leading to unauthorized account creation and privilege escalation within the system.
This CSRF vulnerability stems from the absence of proper anti-forgery tokens or validation mechanisms in the administrative user management interface. When an administrator visits a malicious website or clicks on a crafted link, the browser automatically submits a request to the vulnerable SeaCMS instance to add a new user account. The system processes this request without verifying the origin or authenticity of the request, making it susceptible to exploitation. The attack vector is particularly dangerous because it can be executed silently in the background without the administrator's awareness, as the request originates from the victim's browser session.
The operational impact of this vulnerability extends beyond simple account creation, as it provides attackers with a potential foothold for further compromise within the SeaCMS environment. An attacker who successfully exploits this vulnerability can create new administrative accounts with elevated privileges, potentially gaining full control over the content management system. This could lead to unauthorized content modification, data exfiltration, or even the complete takeover of the website. The vulnerability affects the integrity and availability of the system, as unauthorized modifications can be made without detection, and legitimate administrators may lose control over their user management functions.
Security professionals should consider this vulnerability in the context of CWE-352, which specifically addresses cross-site request forgery weaknesses in web applications. The ATT&CK framework categorizes this as a privilege escalation technique under the T1068 privilege escalation tactic, where attackers leverage web application vulnerabilities to gain elevated system access. Organizations should implement comprehensive mitigations including the deployment of anti-CSRF tokens in all administrative functions, proper validation of request origins, and the implementation of Content Security Policy headers to prevent unauthorized script execution. Regular security audits and input validation should be enforced to prevent similar vulnerabilities from emerging in other parts of the application, while also ensuring that all administrative interfaces require explicit authentication and authorization before processing sensitive operations.