CVE-2018-15888

9.8 CRITICAL

📋 TL;DR

ASPCMS 2.5.6 allows unauthenticated users to register accounts with super administrator privileges during registration. This vulnerability enables attackers to gain full administrative control over affected ASPCMS installations. All systems running the vulnerable version are affected.

💻 Affected Systems

Products:
  • ASPCMS
Versions: 2.5.6
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects ASPCMS installations with user registration enabled. The vulnerability is in the default configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the CMS installation allowing attackers to modify content, steal data, install backdoors, and potentially compromise the underlying server.

🟠 Likely Case

Attackers create administrator accounts to deface websites, inject malicious content, or steal sensitive information stored in the CMS.

🟢 If Mitigated

If proper access controls and input validation are implemented, the vulnerability is prevented at the registration endpoint.

🌐 Internet-Facing: HIGH - The registration page is typically internet-facing and accessible without authentication.
🏢 Internal Only: LOW - This is primarily an internet-facing vulnerability affecting public registration functionality.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending a specially crafted HTTP POST request to the registration endpoint with the administrator GroupID parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.5.7 or later

Vendor Advisory: Not available - ASPCMS appears to be discontinued

Restart Required: No

Instructions:

1. Upgrade to ASPCMS 2.5.7 or later if available.
2. If an upgrade is not possible, manually patch the /member/reg.asp file to validate the GroupID parameter.
3. Remove or disable user registration if it is not required.

🔧 Temporary Workarounds

Disable User Registration

Remove or disable the user registration functionality entirely:

  • Rename or remove the /member/reg.asp file
  • Disable registration in the ASPCMS admin panel if the option exists

Implement Input Validation

Add server-side validation to reject the GroupID parameter in registration requests:

  • Edit /member/reg.asp to validate the GroupID parameter before processing

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block requests containing administrator GroupID parameters
  • Monitor registration logs for suspicious activity and implement rate limiting on registration endpoint

🔍 How to Verify

Check if Vulnerable:

Attempt to register a user with GroupID=1 parameter via POST to /member/reg.asp and check if account gets administrator privileges

Check Version:

Check ASPCMS version in admin panel or footer of website

Verify Fix Applied:

Verify that registration requests with GroupID parameter are rejected or properly validated

📡 Detection & Monitoring

Log Indicators:

  • Unusual registration requests with GroupID parameter
  • Multiple registration attempts from same IP
  • New administrator accounts created via registration

Network Indicators:

  • HTTP POST requests to /member/reg.asp with GroupID parameter
  • Traffic patterns showing registration abuse

SIEM Query:

source="web_server" AND (uri="/member/reg.asp" AND method="POST" AND (param="GroupID" OR body CONTAINS "GroupID"))
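
The same indicators applied to parsed log events, as an added example (not part of the original advisory or of ASPCMS). It assumes events are available as JSON lines with src, method, uri and body fields, that the parameter may arrive in either the query string or the form body, and a threshold of 3 for repeated attempts. All sample events are constructed.

```python
import json
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

REG_PATH = "/member/reg.asp"   # endpoint named on the page
FIELD = "groupid"              # compared case-insensitively
BURST_THRESHOLD = 3            # assumed threshold for "multiple attempts from same IP"

# Constructed sample events; field names (src, method, uri, body) are assumptions.
SAMPLE_LOG = """\
{"src": "198.51.100.7", "method": "POST", "uri": "/member/reg.asp", "body": "username=alice&password=x&email=a%40example.test"}
{"src": "203.0.113.9", "method": "POST", "uri": "/member/reg.asp", "body": "username=bob&password=x&GroupID=1"}
{"src": "203.0.113.9", "method": "POST", "uri": "/Member/Reg.asp?groupid=1", "body": "username=bob2&password=x"}
{"src": "203.0.113.9", "method": "POST", "uri": "/member/reg.asp", "body": "username=bob3&password=x&Group%49D=1"}
{"src": "198.51.100.7", "method": "GET", "uri": "/member/reg.asp", "body": ""}
"""

def param_names(encoded):
    """URL-decoded, lower-cased parameter names from a query string or form body."""
    return {k.lower() for k, _ in parse_qsl(encoded, keep_blank_values=True)}

def is_registration_post(event):
    path = urlsplit(event["uri"]).path.lower()  # IIS paths are case-insensitive
    return event["method"].upper() == "POST" and path == REG_PATH

def analyse(log_text):
    """Return (events carrying GroupID, source IPs at or above the burst threshold)."""
    hits, per_ip = [], Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if not is_registration_post(event):
            continue
        per_ip[event["src"]] += 1
        names = param_names(urlsplit(event["uri"]).query) | param_names(event.get("body", ""))
        if FIELD in names:
            hits.append(event)
    bursts = sorted(ip for ip, n in per_ip.items() if n >= BURST_THRESHOLD)
    return hits, bursts

if __name__ == "__main__":
    hits, bursts = analyse(SAMPLE_LOG)
    for e in hits:
        print("GroupID in registration request:", e["src"], e["uri"])
    print("Repeated registration sources:", bursts)
```

Parameter names are decoded and lower-cased before comparison, so the match does not depend on the exact spelling a literal string search such as body CONTAINS "GroupID" would require.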
