CVE-2018-25343NVD

Vulnerability Summary

Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting editprofile.php with hidden fields for email and password parameters that execute automatically when visited by an authenticated admin user.

Severity Level

MEDIUM(4.3)

Published Date

May 23, 2026

Last Modified

May 27, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.02%Probability

Root Weakness (CWE)

N/A

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeUnchanged

ConfidentialityNone

IntegrityLow

AvailabilityNone

External References

https://www.exploit-db.com/exploits/44824
https://www.behance.net/gallery/49080415/Smartshop-Free-e-commerce-website
https://github.com/smakosh/Smartshop/archive/master.zip
https://www.vulncheck.com/advisories/smartshop-1-cross-site-request-forgery-via-editprofile-php

Critical Alert 3 Active Exploits Detected Today

Critical Alert

CVE Watchtower

CVE-2018-25343NVD

Vulnerability Summary

External References