VYPR
Medium severity5.3NVD Advisory· Published May 29, 2026· Updated May 29, 2026

CVE-2018-25397

CVE-2018-25397

Description

PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that automatically submits POST requests to the users.php endpoint with parameters like name, email, password, and permissions set to admin to create unauthorized admin accounts.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Joeyrush/PHP Shopreferences2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: = 1.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.