CVE-2018-25354

Joomla Component jomres 9.11.2 Cross-Site Request Forgery

CVSS 5.3 MEDIUM · EPSS 0.1% · CWE-352
Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious pages. Attackers can craft HTML forms targeting the account/index endpoint with hidden fields to change passwords, email addresses, and profile details without user consent.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L
Affected products
Jomres · Jomres
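A forged form submission of the kind described above arrives as a POST to the account/index endpoint whose Referer is another site or is missing. The following triage script is an added example, not code from Jomres or from this advisory; it assumes combined-format access logs, and the host name, URL layout and log lines are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

SITE_HOST = "hotel.example"        # assumption: the site's own host name
ENDPOINT_MARKER = "account/index"  # endpoint named in the advisory

# Apache/nginx "combined" log format (assumed).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

# Constructed sample lines; the URL layout (task=...) is a placeholder.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:09:14:02 +0000] "POST /index.php?task=account/index HTTP/1.1" 200 512 "https://hotel.example/index.php?task=account/index" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Mar/2024:09:20:41 +0000] "POST /index.php?task=account%2Findex HTTP/1.1" 302 0 "https://promo.example.net/win.html" "Mozilla/5.0"',
    '198.51.100.40 - - [10/Mar/2024:09:31:10 +0000] "POST /index.php?task=account/index HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:09:33:55 +0000] "GET /index.php?task=account/index HTTP/1.1" 200 2048 "https://hotel.example/" "Mozilla/5.0"',
    '192.0.2.55 - - [10/Mar/2024:09:40:12 +0000] "POST /index.php?task=account/index HTTP/1.1" 302 0 "https://hotel.example.lookalike.test/x" "Mozilla/5.0"',
]

def classify(line):
    """Return (ip, verdict) for POSTs to the account endpoint, else None."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "POST":
        return None
    if ENDPOINT_MARKER not in unquote(m["target"]):  # also catches account%2Findex
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        return m["ip"], "no-referer"
    # Exact host comparison, so hotel.example.lookalike.test is not same-site.
    host = (urlsplit(referer).hostname or "").lower()
    return m["ip"], "same-site" if host == SITE_HOST else "cross-site"

def suspicious(lines):
    """POSTs to the endpoint that did not originate from the site's own pages."""
    hits = [classify(line) for line in lines]
    return [h for h in hits if h and h[1] != "same-site"]

if __name__ == "__main__":
    for ip, verdict in suspicious(SAMPLE_LOG):
        print(f"{verdict:11} {ip}")
```

A missing Referer can also result from a browser or proxy referrer policy, so treat `no-referer` hits as leads to correlate with account changes rather than as confirmed forgeries.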
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
