CMSsite 1.0 Cross-Site Request Forgery via users.php

Description

CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting crafted pages that submit POST requests to the users.php endpoint with parameters like source=add_user, source=edit_user, or del=1 to create, modify, or delete admin accounts.

Affected Products

Vendor	Product	Versions
victoralagwu	cmssite	1.0

References

https://www.exploit-db.com/exploits/46480(exploit)
https://github.com/VictorAlagwu/CMSsite(product)
https://www.vulncheck.com/advisories/cmssite-cross-site-request-forgery-via-users-php(third-party-advisory)

Related News (1 articles)

Tier C

VulDB6d ago

CVE-2019-25682 | VictorAlagwu CMSsite 1.0 users.php add_user/edit_user cross-site request forgery (Exploit 46480 / EDB-46480)

→ No new info (linked only)

CVSS 3.14.3 NONE

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-352

PublishedApr 5, 2026

Last enriched6d agov2

Trending Score18

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (1)

Version History

Last enriched 6d ago

v2Tier C6d ago

Updated description with more technical details and marked exploit as available and actively exploited.

descriptionexploitAvailableactivelyExploited

via VulDB

v16d ago

Initial creation