CVE-2018-14014 in Super CMS

Summary

by MITRE

In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd.


Analysis

by VulDB Data Team • 04/09/2020

CVE-2018-14014 affects waimai Super Cms version 20150505 and sits in the administrative account creation function reached through admin.php?m=Member&a=adminadd. It is a cross-site request forgery (CSRF) flaw: the endpoint creates a new administrator account whenever the browser presents a valid administrator session, without any proof that the administrator actually intended the action. An attacker who can get a logged-in administrator to load a page they control can therefore have an administrator account created on their behalf. The flaw does not bypass authentication as such; it rides on the victim's existing authenticated session, and the resulting account is indistinguishable from one the administrator created deliberately.

The root cause is the absence of an anti-CSRF token, or any equivalent origin check, on the account-creation request. When the administrator visits a malicious page, that page can auto-submit a form or otherwise trigger a request to the vulnerable endpoint; the browser attaches the CMS session cookie to the request as it would to any other, so the application sees a request from an authenticated administrator. Because the application neither verifies where the request came from nor requires a secret value that only a page served by the CMS could know, it cannot distinguish a forged request from a genuine one. This is CWE-352, Cross-Site Request Forgery: the application accepts a state-changing request without sufficient verification that the authenticated user intentionally submitted it.

The impact is severe. A successful attack yields an administrator account under the attacker's control, which in a CMS typically means full control of the site: content manipulation, changes to user permissions, and a persistent foothold that survives the original administrator logging out or changing their own password. Depending on what the administrative interface exposes (file, template or plugin management, for example), this can extend to code execution on the web server and onward movement within the hosting environment. Confidentiality, integrity and availability of the site are all affected, and the attack requires no credentials at all: it is enough that one administrator with an active session views attacker-controlled content.

Mitigation follows the standard CSRF defences, applied in layers. The primary fix is a synchronizer token: the CMS generates an unpredictable per-session secret, embeds it as a hidden field in every state-changing administrative form, and rejects any request to endpoints such as adminadd whose token is missing or does not match the session's stored value (compared in constant time). State-changing actions should be restricted to POST, and the session cookie should carry the SameSite attribute so that browsers omit it from cross-site requests. Checking that the Origin header (or, failing that, Referer) matches the site's own origin is a worthwhile second layer, provided the comparison is on the full origin rather than a string prefix. A web application firewall can flag unexpected administrative account creation, and alerting on newly created administrator accounts gives defenders a detection opportunity. The weakness is CWE-352; once the attacker uses the created account, the activity maps to ATT&CK technique T1078 (Valid Accounts). The OWASP CSRF Prevention Cheat Sheet covers these controls in detail, and the other state-changing endpoints of the application deserve the same review, since an omission of this kind rarely occurs in only one place.
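The following block is an added illustration of the synchronizer-token defence described above, modelled in Python rather than taken from waimai Super Cms (whose PHP source is not shown on this page). It places a handler that checks only the session cookie, as the affected adminadd endpoint is described as doing, beside a hardened version that requires POST, a matching origin and a per-session token. The in-memory session store, the cookie name PHPSESSID, the form field names (username, password, _csrf) and the site origin https://cms.example are all assumptions made for the example.

```python
# Synchronizer-token CSRF defence, modelled in Python. Added example; not code
# from waimai Super Cms. The session store, cookie name PHPSESSID, form field
# names (username, password, _csrf) and SITE_ORIGIN are assumptions.
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://cms.example"  # assumed origin of the CMS

# Constructed in-memory stand-ins for the CMS session table and admin table.
SESSIONS: dict[str, dict] = {}
ADMINS: set[str] = set()


def login(user: str, role: str) -> str:
    """Create a session for `user` and mint an unpredictable per-session CSRF token."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "role": role,
                     "csrf_token": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid: str) -> str:
    """Value the CMS would embed as a hidden field in its own adminadd form."""
    return SESSIONS[sid]["csrf_token"]


def _admin_session(request: dict):
    """Resolve the session cookie to an admin session record, or None."""
    sess = SESSIONS.get(request["cookies"].get("PHPSESSID", ""))
    return sess if sess and sess["role"] == "admin" else None


def adminadd_vulnerable(request: dict) -> bool:
    """Models the flawed handler: a valid admin session cookie is the only check.
    A form auto-submitted from another site carries that cookie, so it succeeds."""
    if _admin_session(request) is None:
        return False
    ADMINS.add(request["form"]["username"])
    return True


def same_origin(request: dict) -> bool:
    """Compare the full scheme://host[:port] of Origin (or Referer) with SITE_ORIGIN.
    A prefix check would accept https://cms.example.attacker.test, so parse instead."""
    hdr = request["headers"].get("Origin") or request["headers"].get("Referer")
    if not hdr:
        return False  # no origin information at all: treat as cross-site
    u = urlsplit(hdr)
    return f"{u.scheme}://{u.netloc}" == SITE_ORIGIN


def adminadd_hardened(request: dict) -> bool:
    """adminadd with CSRF defences: POST only, origin check, and a synchronizer
    token compared in constant time against the value stored in the session."""
    sess = _admin_session(request)
    if sess is None or request["method"] != "POST" or not same_origin(request):
        return False
    supplied = request["form"].get("_csrf", "")
    if not hmac.compare_digest(supplied.encode(), sess["csrf_token"].encode()):
        return False
    ADMINS.add(request["form"]["username"])
    return True


def forged_request(sid: str, origin: str = "https://attacker.test") -> dict:
    """What the victim's browser sends when an attacker page auto-submits a form:
    the CMS cookie rides along, Origin is the attacker's site, and there is no
    token because the attacker's page cannot read the CMS-served form."""
    return {"method": "POST",
            "cookies": {"PHPSESSID": sid},
            "headers": {"Origin": origin},
            "form": {"username": "backdoor", "password": "p@ssw0rd"}}


def legitimate_request(sid: str) -> dict:
    """A submission of the CMS's own form, which carries the per-session token."""
    req = forged_request(sid, origin=SITE_ORIGIN)
    req["form"] = {"username": "newadmin", "password": "p@ssw0rd",
                   "_csrf": csrf_token_for(sid)}
    return req


def run_demo() -> dict:
    """Exercise both handlers against a fresh admin session; return the outcomes."""
    ADMINS.clear()
    ADMINS.add("root")
    sid = login("root", "admin")
    via_get = legitimate_request(sid)
    via_get["method"] = "GET"
    lookalike = forged_request(sid, origin="https://cms.example.attacker.test")
    outcomes = {
        "vulnerable_forged": adminadd_vulnerable(forged_request(sid)),
        "hardened_forged": adminadd_hardened(forged_request(sid)),
        "hardened_legit_via_get": adminadd_hardened(via_get),
        "lookalike_origin_accepted": same_origin(lookalike),
        "hardened_legit": adminadd_hardened(legitimate_request(sid)),
    }
    outcomes["admins"] = sorted(ADMINS)
    return outcomes


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Running the demo shows the forged request creating the "backdoor" account through the unprotected handler and being rejected by the hardened one, while the CMS's own form submission still succeeds. The origin comparison parses the header rather than testing a string prefix, which is the mistake that lets a host such as cms.example.attacker.test through; and the token is compared with hmac.compare_digest so that a mismatch does not leak timing information about how many leading characters were correct.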

Reservation: 07/12/2018
Disclosure: 07/12/2018
Moderation: accepted
Entry: 2
EPSS: 0.00134
KEV: no
Activities: very low
