Medium severity4.3NVD Advisory· Published Apr 5, 2026· Updated Apr 9, 2026
CVE-2019-25682
CVE-2019-25682
Description
CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting crafted pages that submit POST requests to the users.php endpoint with parameters like source=add_user, source=edit_user, or del=1 to create, modify, or delete admin accounts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:victoralagwu:cmssite:1.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:victoralagwu:cmssite:1.0:*:*:*:*:*:*:*
- (no CPE)range: = 1.0
Patches
Vulnerability mechanics
References
2- www.exploit-db.com/exploits/46480nvdExploitVDB Entry
- www.vulncheck.com/advisories/cmssite-cross-site-request-forgery-via-users-phpnvdThird Party Advisory
News mentions
0No linked articles in our index yet.