CVE-2018-9926 in WUZHI
Summary
by MITRE
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add an admin account via index.php?m=core&f=power&v=add.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 08/26/2025
The vulnerability identified as CVE-2018-9926 represents a critical cross-site request forgery flaw within WUZHI CMS version 4.1.0. This vulnerability resides in the administrative interface and specifically targets the power management functionality through the index.php endpoint with the core module, power function, and add action parameters. The flaw allows an attacker to manipulate the content management system's administrative capabilities without proper authorization, potentially leading to complete system compromise.
The technical implementation of this CSRF vulnerability stems from the absence of proper anti-CSRF tokens or validation mechanisms within the targeted administrative function. When an authenticated administrator visits a malicious webpage containing crafted requests, the CMS processes the administrative add power request automatically without requiring re-authentication or token verification. This design flaw falls under CWE-352, which specifically addresses Cross-Site Request Forgery vulnerabilities where the application fails to validate the origin of requests. The vulnerability is particularly dangerous because it operates within the core administrative module, providing attackers with direct access to power management functions that typically require elevated privileges.
The operational impact of this vulnerability extends beyond simple privilege escalation as it enables attackers to create new administrative accounts with full system access. This capability allows threat actors to establish persistent access points within the compromised system, potentially leading to data exfiltration, system modification, or further lateral movement within the network infrastructure. The attack vector typically involves social engineering techniques where administrators are tricked into visiting malicious websites or clicking on compromised links. According to ATT&CK framework, this vulnerability maps to T1078 which covers Valid Accounts and T1548 which addresses Abuse of Functionality, demonstrating how attackers can leverage legitimate administrative functions for unauthorized access.
Mitigation strategies for CVE-2018-9926 should focus on immediate implementation of anti-CSRF token mechanisms throughout the administrative interface. The CMS should be updated to version 4.1.1 or later, which includes proper CSRF protection measures. Organizations should also implement network segmentation and monitoring to detect unusual administrative activities. Security measures should include regular vulnerability assessments, web application firewalls, and user education to prevent social engineering attacks. Additionally, administrators should be trained to recognize suspicious website content and understand the risks associated with visiting untrusted websites while logged into administrative interfaces. The vulnerability highlights the critical importance of implementing proper input validation and authentication mechanisms in web applications, particularly within administrative functions where privilege escalation opportunities exist.