CVE-2018-17366 in MCMS
Summary
by MITRE
An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.
Analysis
by VulDB Data Team • 02/19/2026
The vulnerability identified as CVE-2018-17366 represents a critical cross-site request forgery flaw within MCMS version 4.6.5, a content management system that serves as a foundational platform for numerous web applications. This vulnerability resides in the administrative interface of the system, specifically within the ms/basic/manager/save.do endpoint which handles the creation and modification of administrator accounts. The flaw enables malicious actors to exploit the lack of proper anti-CSRF mechanisms to execute unauthorized administrative actions without the knowledge or consent of legitimate users.
The technical implementation of this vulnerability stems from the absence of anti-CSRF tokens or similar protective measures within the affected endpoint. When an administrator user visits a malicious website or clicks on a crafted link while authenticated to the MCMS application, the system processes the forged request without validating the authenticity of the request source. This occurs because the application fails to implement proper request validation mechanisms that would typically include unique tokens generated for each user session or referer header checks. The vulnerability is particularly dangerous because it allows attackers to create new administrator accounts with full privileges, effectively granting them complete control over the affected system.
From an operational perspective, this CSRF vulnerability presents a severe risk to organizations utilizing MCMS 4.6.5 as it can lead to complete system compromise. An attacker who successfully exploits this vulnerability can escalate privileges from a regular user to full administrative access, potentially leading to data exfiltration, system modification, or complete service disruption. The impact extends beyond immediate system compromise as it can facilitate further attacks within the network infrastructure, especially if the compromised administrative account is used to access other systems or databases. The vulnerability can be exploited through various means including phishing campaigns, malicious advertisements, or compromised websites that lure administrators into visiting malicious pages while their sessions remain active.
Security practitioners should consider this vulnerability in the context of the CWE-352 framework, which categorizes CSRF as a well-known weakness in web applications. The ATT&CK framework would classify this vulnerability under T1078 Valid Accounts, as it enables adversaries to establish persistent access through legitimate administrative credentials. Organizations should implement immediate mitigations including the deployment of anti-CSRF tokens for all administrative endpoints, implementing proper referer header validation, and establishing robust session management practices. Additionally, regular security assessments should be conducted to identify similar vulnerabilities within other application components, as this flaw demonstrates a pattern of insufficient input validation and authentication controls. The vulnerability also highlights the importance of keeping CMS platforms updated, as newer versions of MCMS likely address these security gaps through proper implementation of CSRF protection mechanisms.
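To make the mechanism and the recommended mitigations concrete, the following is an added example, not code from MCMS or VulDB. MCMS itself is a Java application; this is a framework-agnostic Python model of an administrator-creation handler in the style of ms/basic/manager/save.do, shown once without any CSRF defence (the CWE-352 pattern the analysis describes) and once guarded by the three controls named above: a POST-only method check, Origin/Referer validation against the site's own origin, and a per-session anti-CSRF token compared in constant time. The cookie name `JSESSIONID`, the form fields `username`, `password` and `_csrf`, the origins and the account names are constructed assumptions, as is the `ManagerService` class.

```python
"""Toy model of an admin-creation endpoint, with and without CSRF defences (constructed example)."""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class Request:
    method: str
    headers: dict
    form: dict
    cookies: dict


@dataclass
class Session:
    user: str
    # Per-session secret; a cross-origin page cannot read it, so it cannot forge a valid form.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


class ManagerService:
    """Session store plus administrator list for one constructed deployment (hypothetical class)."""

    def __init__(self, site_origin="https://cms.example.internal"):
        self.site_origin = site_origin   # constructed origin of the CMS itself
        self.sessions = {}               # session id -> Session
        self.admins = {"admin"}          # constructed initial administrator

    def login(self, user):
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = Session(user=user)
        return sid

    def _session_of(self, req):
        # Cookie name assumed; the browser attaches it to cross-site form posts automatically.
        return self.sessions.get(req.cookies.get("JSESSIONID"))

    def save_vulnerable(self, req):
        """Trusts the session cookie alone: any request the admin's browser sends is honoured."""
        sess = self._session_of(req)
        if sess is None or sess.user not in self.admins:
            return 403
        self.admins.add(req.form["username"])
        return 200

    def _origin_ok(self, req):
        """Allow only same-origin sources; fail closed when neither Origin nor Referer is present."""
        origin = req.headers.get("Origin")
        if origin is None:
            referer = req.headers.get("Referer")
            if referer is None:
                return False
            p = urlsplit(referer)
            origin = f"{p.scheme}://{p.netloc}"
        return origin == self.site_origin

    def save_hardened(self, req):
        """Same action, guarded by method, source origin and a session-bound token."""
        sess = self._session_of(req)
        if sess is None or sess.user not in self.admins:
            return 403
        if req.method != "POST":
            return 405
        if not self._origin_ok(req):
            return 403
        submitted = req.form.get("_csrf", "")
        # Constant-time comparison so token checking does not leak via timing.
        if not hmac.compare_digest(submitted.encode(), sess.csrf_token.encode()):
            return 403
        self.admins.add(req.form["username"])
        return 200


def forged_request(sid):
    """Constructed cross-site form POST: carries the victim's cookie but cannot carry the token."""
    return Request(
        method="POST",
        headers={"Origin": "https://attacker.example"},
        form={"username": "backdoor", "password": "x"},
        cookies={"JSESSIONID": sid},
    )


def legitimate_request(service, sid):
    """Constructed same-origin POST from the real admin form, carrying the session's token."""
    return Request(
        method="POST",
        headers={"Origin": service.site_origin},
        form={"username": "newadmin", "password": "x",
              "_csrf": service.sessions[sid].csrf_token},
        cookies={"JSESSIONID": sid},
    )


def demo():
    """Returns (vulnerable_status, hardened_status, legitimate_status) for one admin session."""
    svc = ManagerService()
    sid = svc.login("admin")
    vuln = svc.save_vulnerable(forged_request(sid))           # 200: backdoor account created
    hard = svc.save_hardened(forged_request(sid))             # 403: cross-site request rejected
    legit = svc.save_hardened(legitimate_request(svc, sid))   # 200: real form still works
    return vuln, hard, legit


if __name__ == "__main__":
    print(demo())
```

The origin check alone is not sufficient in practice (a Referrer-Policy or a privacy proxy can strip both headers, which is why the model fails closed rather than open), and the token alone can be undermined if it is not bound to the session or is compared with a short-circuiting equality; layering both, and restricting state-changing actions to POST, is the defence-in-depth the analysis recommends.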