CVE-2018-25127

Name of the Vulnerable Software and Affected Versions SOCA Access Control System version 180612

Description The SOCA Access Control System is susceptible to a cross-site request forgery condition. This allows attackers to execute administrative actions without sufficient verification of requests. Specifically, attackers can create admin accounts by deceiving authenticated users into visiting a malicious website that submits forged requests. The API endpoint used for creating admin accounts is vulnerable to this attack. The vulnerability occurs because the system does not properly validate requests, allowing attackers to submit forged requests on behalf of authenticated users.

Recommendations Ensure proper request validation is implemented to prevent unauthorized administrative actions.