CVE-2018-25190 MEDIUM

CVE-2018-25190: Easyndexer 1.0 Cross-Site Request Forgery via createuser.php

Vendor Sourceforge
Product Easyndexer
Weakness CWE-352 · CSRF
Published March 6, 2026
Last update March 9, 2026
View on NVD All CVEs

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

What the vulnerability does

Description

Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. Attackers can craft malicious web pages that submit POST requests to createuser.php with parameters including username, password, name, surname, and privileges set to 1 for administrator access.

Key dates

Disclosure timeline

March 6, 2026 CVE published
March 9, 2026 Record updated