Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Unauthenticated attackers can create admin accounts on Precurio Intranet Portal 2.0
CVE-2018-25168
Summary
An attacker can create new admin accounts on your Precurio Intranet Portal 2.0 without permission. This could give them control over your site and sensitive data. Update your Precurio software to the latest version to fix this issue.
Original title
Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. At...
Original description
Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attackers can forge requests to the /public/admin/user/submitnew endpoint with user creation parameters to add new admin accounts without requiring CSRF tokens or user interaction.
nvd CVSS3.1
4.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-434
Unrestricted File Upload
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026