Easyndexer 1.0: Attackers can create admin accounts without a password
CVE-2018-25190
Summary
Easyndexer 1.0 has a cross-site request forgery weakness that allows unauthenticated attackers to create administrative accounts on the system. This could allow unauthorized access to sensitive areas of the website. To fix this, update to a secure version of Easyndexer or restrict access to the createuser.php file.
Original title
Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. Attackers can craft ma...
Original description
Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. Attackers can craft malicious web pages that submit POST requests to createuser.php with parameters including username, password, name, surname, and privileges set to 1 for administrator access.
NVD CVSS 3.1
5.3
NVD CVSS 4.0
6.9
Vulnerability type
CWE-352: Cross-Site Request Forgery (CSRF)
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026