CVE-2018-25127

Sažetak

SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that submit forged requests to create admin accounts by tricking logged-in users into visiting a malicious site.

Reference

http://www.socatech.com
https://www.exploit-db.com/exploits/46834
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5520.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5520.php

CVSS

Base:	5.3
Impact:	1.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Zadnje važnije ažuriranje

24-12-2025 - 21:15

Objavljeno

24-12-2025 - 20:15