CVE-2018-25200 in OOP CMS BLOGinfo

Zusammenfassung

von MITRE • 06.03.2026

OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and role set to administrative privileges to gain unauthorized access.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

VulnCheck

Reservieren

06.03.2026

Veröffentlichung

06.03.2026

Moderieren

akzeptiert

Eintrag

VDB-349463

CPE

bereit

CWE

CWE-352 (bestätigt)

Exploit

Download

CVSS

8.8 (NVD)

EPSS

0.00090

KEV

nein

Aktivitäten

very low

Sektor

Education

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2018-25200
NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-25200
CVE Details	https://www.cvedetails.com/cve/CVE-2018-25200/

◂ Zurück Übersicht Weiter ▸

Do you know our Splunk app?

Download it now for free!