CVE-2018-25354— Joomla Component jomres 9.11.2 Cross-Site Request Forgery
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-25354
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Joomla Component jomres 9.11.2 Cross-Site Request Forgery
Source: NVD (National Vulnerability Database)
Vulnerability Description
Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious pages. Attackers can craft HTML forms targeting the account/index endpoint with hidden fields to change passwords, email addresses, and profile details without user consent.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨站请求伪造(CSRF)
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2018-25354
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-25354
请登录查看更多情报信息。
Vendor Advisories for CVE-2018-25354 (1)
Exploits & Public PoCs for CVE-2018-25354 (1)
Vendor Pages for CVE-2018-25354 (1)
- Joomla! Extensions Directoryproduct
Other References for CVE-2018-25354 (1)
- https://www.jomres.net/product
IV. Related Vulnerabilities
Same weakness: CWE-352
- CVE-2026-39436
WordPress CformsII plugin <= 15.1.3 - Cross Site Request For - CVE-2026-24554
WordPress WPSubscription plugin <= 1.9.1 - Cross Site Reques - CVE-2026-24574
WordPress Export WP Page to Static HTML/CSS plugin <= 6.0.0 - CVE-2026-24597
WordPress Organization chart plugin <= 1.7.5 - Cross Site Re - CVE-2026-9486
SourceCodester Student Grades Management System cross-site r
V. Comments for CVE-2018-25354
No comments yet