CVE-2018-25200

MEDIUM 5.3

OOP CMS BLOG 1.0 Cross-Site Request Forgery via addUser.php

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and role set to administrative privileges to gain unauthorized access.

CWE	CWE-352
Vendor	zsoft
Product	oop cms blog
Published	Mar 6, 2026
Last Updated	Mar 9, 2026

Stay Ahead of the Next One

Get instant alerts for zsoft oop cms blog

Be the first to know when new medium vulnerabilities affecting zsoft oop cms blog are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Affected Versions

Zsoft / OOP CMS BLOG

1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/45794 vulncheck.com: https://www.vulncheck.com/advisories/oop-cms-blog-cross-site-request-forgery-via-adduserphp

Credits

Ihsan Sencan