CVE-2018-15845 in Gleez
Summary
by MITRE
There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 05/18/2025
The vulnerability identified as CVE-2018-15845 represents a critical cross-site request forgery flaw within Gleez CMS version 1.2.0 that enables unauthorized users to escalate privileges by creating administrative accounts. This vulnerability resides in the administrative user management functionality, specifically at the endpoint admin/users/add, where the application fails to implement proper anti-CSRF mechanisms. The flaw allows malicious actors to craft specially crafted requests that, when executed by an authenticated administrator, will silently create new administrator accounts without proper verification or authorization. The vulnerability stems from the absence of anti-CSRF tokens in the user addition form, making it susceptible to exploitation through social engineering or by leveraging existing administrator sessions. Attackers can leverage this weakness to gain complete control over the CMS installation, as the newly created accounts would possess full administrative privileges including access to sensitive configuration settings, user management capabilities, content editing functions, and potentially access to underlying database systems.
The technical implementation of this vulnerability aligns with CWE-352, which specifically addresses Cross-Site Request Forgery issues in web applications. The flaw operates by bypassing the normal authentication and authorization checks that should occur when adding new users, particularly those with administrative privileges. In a typical CSRF attack scenario, an attacker would need to convince an administrator to visit a malicious website or click on a crafted link that contains a hidden form submission to the vulnerable endpoint. Without proper CSRF protection mechanisms such as token validation or origin checking, the application processes the request as if it originated from the legitimate administrator, thereby executing the account creation with elevated privileges. The vulnerability's impact extends beyond simple privilege escalation as it fundamentally undermines the application's security model and can lead to complete system compromise, data theft, or unauthorized modifications to website content.
The operational impact of this vulnerability is severe for organizations relying on Gleez CMS 1.2.0, as it provides a straightforward path to complete system compromise without requiring advanced exploitation techniques or privileged access to the application infrastructure. Once exploited, the attacker can establish persistent access through the newly created administrator accounts, potentially leading to data exfiltration, website defacement, or use as a foothold for further attacks within the network. The vulnerability also exposes organizations to potential compliance violations, as it creates unauthorized administrative access that could go undetected for extended periods. Security teams would face challenges in detecting such attacks, as the legitimate administrative functions are being used for malicious purposes, making the activity appear normal within the application's audit logs. Additionally, the vulnerability affects the application's integrity and trust model, as it allows unauthorized users to modify the user access control structure that should be protected from modification by non-administrative users.
Mitigation strategies for CVE-2018-15845 should prioritize immediate implementation of anti-CSRF protection measures including the deployment of unique, unpredictable tokens for each user session that are validated before processing sensitive administrative operations. Organizations should also implement proper request origin validation and ensure that all administrative endpoints require explicit user confirmation for privilege escalation actions. The recommended solution involves upgrading to a patched version of Gleez CMS that addresses this vulnerability through proper CSRF token implementation and validation. Security configurations should include monitoring for suspicious administrative account creation activities and implementing rate limiting for user management operations. Organizations should also consider implementing additional security controls such as two-factor authentication for administrative accounts and regular security audits of administrative functions. The vulnerability demonstrates the critical importance of implementing comprehensive security measures for all administrative interfaces and highlights the necessity of following established security frameworks that address common web application vulnerabilities. Organizations should also conduct regular penetration testing and vulnerability assessments to identify similar weaknesses in their web applications and ensure that proper security controls are in place to prevent unauthorized privilege escalation attacks.