CVE-2018-25336

MEDIUM

Joomla jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25336. PoCs published by L0RD.

AI-analyzed exploit summary: The exploit demonstrates a Cross-Site Request Forgery (CSRF) vulnerability in Joomla! extension jCart for OpenCart 2.3.0.2. It includes functional HTML forms that automatically submit crafted requests to modify user information, passwords, and affiliate account details without user consent.

Description

jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account details when victims visit the attacker-controlled page.

Exploits (1)

exploitdb WORKING POC
by L0RD · html · webapps · php
https://www.exploit-db.com/exploits/44788


Classification: Working PoC 100%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Joomla! extension jCart for OpenCart 2.3.0.2
No auth needed
Prerequisites: Victim must be authenticated and visit a malicious page hosting the exploit
devstral-2 · analyzed May 17, 2026

References (4)

Core References
Exploit: ExploitDB-44788
https://www.exploit-db.com/exploits/44788
Product: Official Product Homepage
https://www.joomlaextensions.co.in/
Third Party Advisory: VulnCheck Advisory: Joomla jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery
https://www.vulncheck.com/advisories/joomla-jcart-for-opencart-cross-site-request-forgery

Scores

CVSS v3 5.3
EPSS 0.0001
EPSS Percentile 1.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE CWE-352
Status published
Products (2)
jCart/jCart for OpenCart 2.3.0.2
Joomlaextensions/Joomla! extension jCart for OpenCart 2.3.0.2
Published May 17, 2026
Tracked Since May 17, 2026