CVE-2018-25200 in OOP CMS BLOG
Summary
by MITRE • 03/06/2026
OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and role set to administrative privileges to gain unauthorized access.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 03/12/2026
The vulnerability identified as CVE-2018-25200 affects OOP CMS BLOG version 1.0 and represents a critical cross-site request forgery flaw that fundamentally undermines the application's authentication and authorization mechanisms. This vulnerability resides in the addUser.php endpoint which lacks proper validation of request origins and lacks sufficient anti-CSRF token implementation. The flaw allows unauthenticated attackers to exploit the web application's trust in legitimate user sessions and manipulate the system's user management functionality without proper authentication. The vulnerability is particularly dangerous because it enables attackers to escalate privileges by creating accounts with administrative roles directly through crafted HTTP POST requests.
The technical implementation of this vulnerability stems from the absence of proper CSRF protection mechanisms within the application's user management interface. When an attacker crafts a malicious POST request to the addUser.php endpoint, the system processes the request without verifying that it originated from a legitimate authenticated session. The vulnerability allows attackers to specify parameters including username, password, email address, and role assignment, with the role parameter being particularly significant as it can be set to administrative privileges. This flaw is classified under CWE-352, which specifically addresses Cross-Site Request Forgery vulnerabilities where web applications fail to validate that requests originate from legitimate sources. The vulnerability operates at the application layer and requires no prior authentication to exploit, making it highly accessible to attackers.
The operational impact of this vulnerability is severe and far-reaching for any organization using the affected CMS BLOG version. An attacker who successfully exploits this vulnerability can gain full administrative control over the blog system, enabling them to modify content, delete posts, create malicious content, access sensitive user data, and potentially use the compromised system as a foothold for further attacks within the network. The ability to create administrative accounts without authentication creates a persistent threat vector that can remain undetected for extended periods. This vulnerability directly violates the principle of least privilege and compromises the integrity of the system's access control mechanisms, potentially leading to data breaches, content tampering, and service disruption. The impact extends beyond immediate system compromise as administrators may be unaware of unauthorized account creation until significant damage has occurred.
Mitigation strategies for this vulnerability must address both immediate remediation and long-term security improvements. The primary fix involves implementing robust anti-CSRF token mechanisms that validate each request originates from a legitimate authenticated session. This includes generating unique tokens for each user session and validating them against the request parameters before processing any user creation requests. Organizations should also implement proper input validation and sanitization of all parameters received by the addUser.php endpoint. Additionally, the application should enforce proper authentication checks before allowing any user management operations to proceed. Security controls should include rate limiting on user creation endpoints and logging of all administrative account creation activities for monitoring purposes. The vulnerability demonstrates the importance of following security best practices outlined in the OWASP Top Ten and aligns with ATT&CK technique T1078 which covers valid accounts and privilege escalation. Regular security assessments and penetration testing should be conducted to identify similar vulnerabilities in other application components and ensure comprehensive protection against unauthorized access attempts.