CVE-2018-25336: Joomla jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery
Joomla jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account details when victims visit the attacker-controlled page.
Security readout for executives and security teams
Plain-English summary
This issue affects the Joomla! extension jCart for OpenCart version 2.3.0.2. A malicious site could cause account, password, or affiliate-detail changes through a victim’s browser. It is business-relevant for exposed ecommerce sites because account integrity could be affected, but the source bundle does not confirm active exploitation.
Executive priority
Treat as a timely medium-priority ecommerce integrity issue. Prioritize sites that process customer accounts, passwords, or affiliate details through this extension.
Technical view
CVE-2018-25336 is a CWE-352 cross-site request forgery in Joomlaextensions jCart for OpenCart 2.3.0.2. The supplied description says crafted HTML forms can target affected endpoints to modify user credentials, passwords, and affiliate account details. Specific endpoint names and vendor patch details are not included in the supplied evidence.
Likely exposure
Exposure appears limited to Joomla sites using Joomlaextensions jCart for OpenCart 2.3.0.2, especially public ecommerce installations with account or affiliate functionality enabled.
Exploitation context
The bundle cites an ExploitDB entry, indicating public exploit material exists. It does not cite CISA KEV or another source confirming active exploitation in the wild.
Researcher notes
Evidence is sufficient for affected product, version, weakness class, and public exploit reference. It is incomplete on exact endpoint names, patch availability, and observed exploitation. Avoid broad conclusions about Joomla or OpenCart generally.
Mitigation direction
Inventory Joomla sites for jCart for OpenCart version 2.3.0.2.
Check vendor and advisory pages for patched versions or official mitigation guidance.
Upgrade, replace, or disable the affected extension if no supported fix is available.
Review account and affiliate-profile change logs for unexpected modifications.
Add compensating CSRF protections only if consistent with vendor-supported deployment guidance.
Validation and detection
Confirm whether the extension is installed and identify its exact version.
Map exposed account, password, and affiliate-management routes using application documentation.
Review access logs for suspicious cross-origin form submissions or unusual profile changes.
Validate remediation in staging before production deployment.
Retest affected workflows after upgrade or disabling the extension.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-352: User-session and phishing behavior lookup
Client-side and session-facing weaknesses should be reviewed alongside initial-access and user-execution behaviors. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-352 · source CWE mapping
Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.