PT-2026-23696 · Unknown · Tina4 Stack

Published 2026-03-06 · Updated 2026-03-16 · CVE-2018-25186

CVSS v3.1: 4.3 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Tina4 Stack version 1.0.3

Description

The software contains a cross-site request forgery issue that enables attackers to alter admin user credentials. This is achieved by submitting crafted POST requests to the /kim/profile endpoint. Attackers can create HTML forms that target this endpoint, including hidden fields with malicious data such as passwords and email addresses, to update administrator accounts without proper authentication. The profile endpoint is susceptible to forged requests.

Recommendations

Update to a newer version that contains a fix for this vulnerability.
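
A log check for the forged requests described above, added here as an example and not taken from the advisory or from Tina4: it flags POSTs to /kim/profile whose Referer is missing or names another host. The combined log format, the host name tina4.example.test and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the application is served from this host (placeholder value).
SITE_HOST = "tina4.example.test"
ENDPOINT = "/kim/profile"  # endpoint named in the advisory

# Apache/nginx "combined" log format (assumed logging configuration).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def classify(line):
    """Return None, or (verdict, ip, timestamp, referer) for a profile POST."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "POST":
        return None
    if urlsplit(m["target"]).path.rstrip("/") != ENDPOINT:
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        verdict = "review"      # Referer stripped, so the origin is unknown
    elif (urlsplit(referer).hostname or "").lower() == SITE_HOST:
        verdict = "same-site"   # exact host match only, no suffix matching
    else:
        verdict = "cross-site"
    return verdict, m["ip"], m["ts"], referer

def findings(lines):
    """Keep profile updates that did not provably start on the site itself."""
    results = (classify(line) for line in lines)
    return [r for r in results if r and r[0] != "same-site"]

# Constructed sample log lines (documentation-range IPs, placeholder hosts).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Mar/2026:09:14:02 +0000] "POST /kim/profile HTTP/1.1" 302 0 "https://tina4.example.test/kim/profile" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2026:11:40:55 +0000] "POST /kim/profile HTTP/1.1" 302 0 "https://other.example.net/page.html" "Mozilla/5.0"',
    '203.0.113.20 - - [10/Mar/2026:12:01:13 +0000] "POST /kim/profile HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [10/Mar/2026:12:05:00 +0000] "GET /kim/profile HTTP/1.1" 200 5120 "https://other.example.net/" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2026:12:30:41 +0000] "POST /kim/profile?x=1 HTTP/1.1" 302 0 "https://tina4.example.test.other.example.net/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for verdict, ip, ts, referer in findings(SAMPLE_LOG):
        print(f"{verdict:10} {ts} {ip} referer={referer}")
```

A "review" hit is not proof of forgery, since browsers and referrer policies can legitimately omit the header; correlate it with an unexpected password or email change on the admin account.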

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2018-25186

Affected Products

Tina4 Stack