CVE-2018-15850 in Redaxo

Summary

by MITRE

An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF vulnerability that can add an administrator account via index.php?page=user.

Analysis

by VulDB Data Team • 05/04/2023

The vulnerability identified as CVE-2018-15850 represents a critical cross-site request forgery flaw within the REDAXO content management system version 4.7.2. This vulnerability resides in the user management functionality of the application, specifically within the index.php?page=user endpoint which handles administrative user account creation. The flaw allows an attacker to manipulate the system into creating new administrator accounts without proper authorization, potentially leading to complete system compromise. This issue directly impacts the integrity and confidentiality of the CMS environment, as unauthorized individuals could gain elevated privileges and access to sensitive administrative functions.

This CSRF vulnerability stems from the absence of anti-forgery tokens or equivalent request-origin validation in the user creation form. When an authenticated administrator visits a malicious page or follows a crafted link, the browser submits the request to the vulnerable endpoint, attaching the session cookie automatically, without any re-authentication or token check. The flaw is particularly dangerous because it targets the administrative user creation interface, which normally requires elevated privileges to reach. An attacker can craft a web page that, when visited by an authenticated administrator, causes the browser to submit a request creating a new account with administrative rights. The root cause is that the application trusts any request arriving on an authenticated session without verifying the request's source or the user's intent.

The operational impact of this vulnerability extends beyond simple privilege escalation, as it fundamentally undermines the security model of the CMS platform. An attacker who successfully exploits this vulnerability can establish persistent access to the system through the newly created administrator account, potentially leading to data exfiltration, system modification, or complete takeover of the web application. The vulnerability affects any user with administrative privileges who visits a malicious website while authenticated to the REDAXO system. This creates a significant risk for organizations relying on the platform, as the attack vector requires minimal technical skill and can be executed through social engineering techniques. The vulnerability also impacts the system's access control mechanisms, as it bypasses the normal authentication and authorization checks that should prevent unauthorized account creation.

Mitigation should focus on adding proper CSRF protection throughout the application. The most effective approach is to attach a unique, unpredictable token to every state-changing request, particularly those involving user management, and to validate that token server-side on each such request so that the action is proven to originate from a form the application itself rendered within the authenticated session. Additionally, implementing proper input validation and sanitization for all user inputs related to account creation can help limit exploitation. Organizations should also consider requiring multi-factor authentication for administrative accounts, restricting administrative access to specific IP addresses, and conducting regular security audits of their web applications. This vulnerability aligns with CWE-352 (Cross-Site Request Forgery) and maps to ATT&CK technique T1078 (Valid Accounts) and T1548 (Abuse Elevation Control Mechanism), highlighting the need for defensive measures across multiple security domains.
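As an added illustration of the token-based mitigation just described (example code written for this page, not REDAXO's own; the Session class, the csrf_token form field, the handler name and the user store are constructed stand-ins), the synchronizer-token pattern below rejects a submission that lacks the session's token or carries one issued to a different session:

```python
# Synchronizer-token CSRF defense for a state-changing admin action.
# Everything here (Session, field names, user store) is a constructed stand-in.
import hmac
import secrets

TOKEN_FIELD = "csrf_token"  # hidden form field name (assumed)


class Session:
    """Server-side session of one logged-in user (constructed)."""
    def __init__(self, user):
        self.user = user
        self.csrf_token = secrets.token_urlsafe(32)  # per-session, unguessable


def render_user_form(session):
    """The server embeds the session's token in the form it renders."""
    return {"action": "index.php?page=user", TOKEN_FIELD: session.csrf_token}


def valid_csrf(session, form):
    """Constant-time comparison; a missing or foreign token fails."""
    submitted = form.get(TOKEN_FIELD, "")
    return bool(submitted) and hmac.compare_digest(submitted, session.csrf_token)


def create_user(session, form, users):
    """State-changing handler: refuse unless the token proves user intent."""
    if not users.get(session.user, {}).get("admin"):
        return (403, "admin privileges required")
    if not valid_csrf(session, form):
        return (403, "CSRF token missing or invalid")
    login = form.get("login", "")
    if not login or login in users:
        return (400, "invalid or duplicate login")
    users[login] = {"admin": form.get("admin") == "1"}
    return (200, f"user {login} created")


def demo():
    users = {"admin": {"admin": True}}
    sess = Session("admin")
    # Legitimate: the browser posts back the form the server rendered.
    ok = create_user(sess, dict(render_user_form(sess), login="alice", admin="1"), users)
    # Cross-site submission: another origin cannot read the token, so none is sent.
    no_token = create_user(sess, {"login": "mallory", "admin": "1"}, users)
    # A token from a different session is rejected too (token is session-bound).
    other = Session("admin")
    foreign = {"login": "mallory", "admin": "1", TOKEN_FIELD: other.csrf_token}
    wrong_token = create_user(sess, foreign, users)
    return ok, no_token, wrong_token, sorted(users)
```

Only the submission carrying the session's own token changes the user store; the other two are refused before any account is written.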

Reservation: 08/24/2018

Disclosure: 08/25/2018

Moderation: accepted

CPE: ready

EPSS: 0.00162

KEV: no

Activities: very low
