CVE-2018-25336

jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery

CVSS 6.9 MEDIUMEPSS 0.2%CWE-352

jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account details when victims visit the attacker-controlled page.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

Affected products

jCart · jCart for OpenCart

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/44788unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://extensions.joomla.org/extensions/extension/e-commerce/e-commerce-integrations/jcart-for-opencart/https://www.exploit-db.com/exploits/44788 https://www.joomlaextensions.co.in/https://www.vulncheck.com/advisories/joomla-jcart-for-opencart-cross-site-request-forgery