CVE-2018-25435
Deferred Deferred - Pending Action
Cross-Site Request Forgery in ZeusCart 4.0

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: VulnCheck

Description
ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can deactivate customer accounts via the admin interface by tricking users into visiting attacker-controlled pages that submit requests to the regstatus endpoint with action=deny parameters.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-22
AI Q&A
2026-06-02
EPSS Evaluated
2026-06-20
NVD
CVE-2018-25435
EUVD
EUVD-2018-21956
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
zeuscart zeuscart 4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

ZeusCart 4.0 contains a cross-site request forgery (CSRF) vulnerability that allows attackers to perform unauthorized actions on behalf of victims. Attackers can craft malicious requests that trick users into visiting attacker-controlled pages, which then submit requests to the regstatus endpoint with parameters that deactivate customer accounts via the admin interface.

Impact Analysis

This vulnerability can impact you by allowing attackers to deactivate customer accounts without authorization. This could disrupt normal business operations, cause loss of customer access, and potentially damage trust and reputation.

Detection Guidance

This vulnerability can be detected by monitoring HTTP requests to the admin interface, specifically looking for unauthorized POST requests to the regstatus endpoint with the parameter action=deny.

You can use network traffic analysis tools or web server logs to identify suspicious requests that attempt to deactivate customer accounts without proper validation.

For example, using command-line tools like curl or tcpdump, you can capture or simulate requests to check for this behavior.

  • Use tcpdump to capture HTTP traffic and filter for requests to regstatus endpoint: tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'regstatus'
  • Use grep on web server access logs to find suspicious POST requests: grep 'POST .*regstatus.*action=deny' /var/log/apache2/access.log
  • Simulate a request with curl to test the endpoint behavior: curl -X POST 'http://target-site/admin/regstatus?action=deny&user=targetuser'
Mitigation Strategies

Immediate mitigation steps include implementing proper CSRF protections such as adding anti-CSRF tokens to forms and validating them on the server side.

Restrict access to the admin interface to trusted IP addresses or networks to reduce exposure.

Ensure that user sessions are properly validated and that sensitive actions require additional authentication or confirmation.

If possible, update ZeusCart to a version where this vulnerability is patched or apply any available security patches.

Educate administrators to avoid clicking on suspicious links or visiting untrusted websites while logged into the admin interface.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25435. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart