
ABC ERP 0.6.4: Attackers Can Change Admin Credentials Online

CVE-2018-25174
Summary

ABC ERP version 0.6.4 has a security weakness that lets attackers change an administrator's login details without needing the password. The change is triggered when a user clicks a fake link or submits a fake form on a website. To stay safe, update to the latest version of ABC ERP.

Original title
ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows attackers to modify administrator credentials by submitting forged requests to _configurar_perfil.php. Attackers can cr...
Original description
ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows attackers to modify administrator credentials by submitting forged requests to _configurar_perfil.php. Attackers can craft malicious forms or links containing parameters like usuario, contrasena1, contrasena2, nombre, and email to change admin account settings without authentication.
NVD CVSS 3.1: 5.3
NVD CVSS 4.0: 6.9
Vulnerability type
CWE-352 Cross-Site Request Forgery (CSRF)
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026