CVE-2018-25354— Joomla Component jomres 9.11.2 Cross-Site Request Forgery
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-25354
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Joomla Component jomres 9.11.2 Cross-Site Request Forgery
Source: NVD (National Vulnerability Database)
Vulnerability Description
Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious pages. Attackers can craft HTML forms targeting the account/index endpoint with hidden fields to change passwords, email addresses, and profile details without user consent.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨站请求伪造(CSRF)
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2018-25354
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-25354
请登录查看更多情报信息。
Vendor Advisories for CVE-2018-25354 (1)
Exploits & Public PoCs for CVE-2018-25354 (1)
Vendor Pages for CVE-2018-25354 (1)
- Joomla! Extensions Directoryproduct
Other References for CVE-2018-25354 (1)
- https://www.jomres.net/product
IV. Related Vulnerabilities
Same weakness: CWE-352
- CVE-2026-9486
SourceCodester Student Grades Management System cross-site r - CVE-2018-25370
Admidio 3.3.5 Cross-Site Request Forgery via roles_function. - CVE-2018-25363
Twitter-Clone 1 Cross-Site Request Forgery via tweetdel.php - CVE-2018-25343
Smartshop 1 Cross-Site Request Forgery via editprofile.php - CVE-2026-9303
calcom cal.diy cross-site request forgery
V. Comments for CVE-2018-25354
No comments yet