Home Embedded Vulns General Vulns

CVE-2018-25200

MEDIUM 5.3

Our Analysis: esv

Our model has classified this vulnerability as relevant to esv Systems, helping your team prioritize efforts effectively.

Published Date March 6, 2026
Last Modified March 6, 2026
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and role set to administrative privileges to gain unauthorized access.

Potentially Affected Vendors