CVE-2019-25682 MEDIUM

CVE-2019-25682: CMSsite 1.0 Cross-Site Request Forgery via users.php

Vendor Victoralagwu

Product CMSsite

Weakness CWE-352 · CSRF

Published April 5, 2026

Last update April 6, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

What the vulnerability does

Description

CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting crafted pages that submit POST requests to the users.php endpoint with parameters like source=add_user, source=edit_user, or del=1 to create, modify, or delete admin accounts.

Key dates

Disclosure timeline

April 5, 2026 CVE published

April 6, 2026 Record updated