CVE-2018-25435
Cross-Site Request Forgery in ZeusCart 4.0
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zeuscart | zeuscart | 4.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
ZeusCart 4.0 contains a cross-site request forgery (CSRF) vulnerability that allows attackers to perform unauthorized actions on behalf of victims. Attackers can craft malicious requests that trick users into visiting attacker-controlled pages, which then submit requests to the regstatus endpoint with parameters that deactivate customer accounts via the admin interface.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to deactivate customer accounts without authorization. This could disrupt normal business operations, cause loss of customer access, and potentially damage trust and reputation.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP requests to the admin interface, specifically looking for unauthorized POST requests to the regstatus endpoint with the parameter action=deny.
You can use network traffic analysis tools or web server logs to identify suspicious requests that attempt to deactivate customer accounts without proper validation.
For example, using command-line tools like curl or tcpdump, you can capture or simulate requests to check for this behavior.
- Use tcpdump to capture HTTP traffic and filter for requests to regstatus endpoint: tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'regstatus'
- Use grep on web server access logs to find suspicious POST requests: grep 'POST .*regstatus.*action=deny' /var/log/apache2/access.log
- Simulate a request with curl to test the endpoint behavior: curl -X POST 'http://target-site/admin/regstatus?action=deny&user=targetuser'
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing proper CSRF protections such as adding anti-CSRF tokens to forms and validating them on the server side.
Restrict access to the admin interface to trusted IP addresses or networks to reduce exposure.
Ensure that user sessions are properly validated and that sensitive actions require additional authentication or confirmation.
If possible, update ZeusCart to a version where this vulnerability is patched or apply any available security patches.
Educate administrators to avoid clicking on suspicious links or visiting untrusted websites while logged into the admin interface.