CVE-2018-25435
Received Received - Intake
Cross-Site Request Forgery in ZeusCart 4.0

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: VulnCheck

Description
ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can deactivate customer accounts via the admin interface by tricking users into visiting attacker-controlled pages that submit requests to the regstatus endpoint with action=deny parameters.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-02
AI Q&A
2026-06-02
EPSS Evaluated
N/A
NVD
CVE-2018-25435
EUVD
EUVD-2018-21956
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
zeuscart zeuscart 4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

ZeusCart 4.0 contains a cross-site request forgery (CSRF) vulnerability that allows attackers to perform unauthorized actions on behalf of victims. Attackers can craft malicious requests that trick users into visiting attacker-controlled pages, which then submit requests to the regstatus endpoint with parameters that deactivate customer accounts via the admin interface.


How can this vulnerability impact me? :

This vulnerability can impact you by allowing attackers to deactivate customer accounts without authorization. This could disrupt normal business operations, cause loss of customer access, and potentially damage trust and reputation.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart