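SOCA Access Control System 180612 contains a cross-site request forgery (CSRF) vulnerability: the admin interface performs administrative actions without proper request validation. An attacker can craft a malicious web page that submits forged requests to create admin accounts when a logged-in user is tricked into visiting it. Because the attack depends on an authenticated user visiting the attacker's page, read the CVSS 3.1 vector in the record below with care: it lists UI:N (no user interaction), which does not match this description.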
State: PUBLISHED | Record data version: 5.2 | CWE-352
SOCA Access Control System 180612 Cross-Site Request Forgery via Admin Interface
Problem type
Affected products
SOCA Technology Co., Ltd
SOCA Access Control System
180612 - AFFECTED
170000 - AFFECTED
141007 - AFFECTED
References
ExploitDB-46834
https://www.exploit-db.com/exploits/46834
SOCA Technology Product Homepage
http://www.socatech.com
Zero Science Lab Disclosure (ZSL-2019-5520)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5520.php
GitHub Security Advisories
GHSA-m662-6p96-4253
SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows...
https://github.com/advisories/GHSA-m662-6p96-4253
SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that submit forged requests to create admin accounts by tricking logged-in users into visiting a malicious site.
JSON source
https://cveawg.mitre.org/api/cve/CVE-2018-25127
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2018-25127",
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"dateUpdated": "2025-12-24T20:27:27.630Z",
"dateReserved": "2025-12-24T14:28:02.432Z",
"datePublished": "2025-12-24T19:27:42.423Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck",
"dateUpdated": "2025-12-24T19:27:42.423Z"
},
"datePublic": "2018-04-20T00:00:00.000Z",
"title": "SOCA Access Control System 180612 Cross-Site Request Forgery via Admin Interface",
"descriptions": [
{
"lang": "en",
"value": "SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that submit forged requests to create admin accounts by tricking logged-in users into visiting a malicious site."
}
],
"affected": [
{
"vendor": "SOCA Technology Co., Ltd",
"product": "SOCA Access Control System",
"versions": [
{
"version": "180612",
"status": "affected"
},
{
"version": "170000",
"status": "affected"
},
{
"version": "141007",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.exploit-db.com/exploits/46834",
"name": "ExploitDB-46834",
"tags": [
"exploit"
]
},
{
"url": "http://www.socatech.com",
"name": "SOCA Technology Product Homepage",
"tags": [
"product"
]
},
{
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5520.php",
"name": "Zero Science Lab Disclosure (ZSL-2019-5520)",
"tags": [
"third-party-advisory"
]
}
],
"metrics": [
{
"format": "CVSS"
},
{
"format": "CVSS",
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"credits": [
{
"lang": "en",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab",
"type": "finder"
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-12-24T20:27:27.630Z"
},
"title": "CISA ADP Vulnrichment",
"references": [
{
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5520.php",
"tags": [
"exploit"
]
}
],
"metrics": [
{}
]
}
]
}
}