CVE-2018-25336— Joomla jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Joomlaextensions | Joomla! extension jCart for OpenCart | 2.3.0.2 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-25336
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Joomla jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery
Source: NVD (National Vulnerability Database)
Vulnerability Description
Joomla jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account details when victims visit the attacker-controlled page.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨站请求伪造(CSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Joomla jCart for OpenCart 跨站请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Joomla jCart for OpenCart是joomlaextensions开源的一个支持Joomla与OpenCart集成的电商购物车扩展组件。 Joomla jCart for OpenCart 2.3.0.2版本存在跨站请求伪造漏洞,该漏洞源于跨站请求伪造,可能导致攻击者无需身份验证修改用户账户信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Joomlaextensions | Joomla! extension jCart for OpenCart | 2.3.0.2 | - |
II. Public POCs for CVE-2018-25336
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-25336
请登录查看更多情报信息。
Same Patch Batch · Joomlaextensions · 2026-05-17 · 3 CVEs total
| CVE-2018-25330 | 8.2 HIGH | Joomla! EkRishta 2.10 Persistent XSS and SQL Injection |
| CVE-2018-25337 | 4.3 MEDIUM | Joomla JoomOCShop 1.0 Cross-Site Request Forgery |
IV. Related Vulnerabilities
Same weakness: CWE-352
- CVE-2025-11954
CSRF in Sitemio's WISECP - CVE-2026-6405
Anomify AI <= 0.3.6 - Cross-Site Request Forgery - CVE-2026-6395
Word 2 Cash <= 0.9.2 - Cross-Site Request Forgeryto Stored C - CVE-2026-6400
Child Height Predictor by Ostheimer <= 1.3 - Cross-Site Requ - CVE-2026-6401
Bottom Bar <= 0.1.7 - Cross-Site Request Forgery to Settings
V. Comments for CVE-2018-25336
No comments yet