CVE-2018-25337
Description
Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML forms targeting account endpoints like /joomoc2/?route=account/edit to modify user information or reset passwords without user consent.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
JoomOCShop 1.0 for Joomla has a CSRF vulnerability allowing attackers to modify user accounts or reset passwords via crafted forms.
Vulnerability
The JoomOCShop extension version 1.0 for Joomla is vulnerable to Cross-Site Request Forgery (CSRF) [1][2]. The vulnerability exists in account management endpoints such as /joomoc2/?route=account/edit for updating user profile details and /jcart/account/password.html for changing passwords. No CSRF tokens are used to validate requests, allowing attackers to perform actions on behalf of authenticated users without their consent [1].
Exploitation
An attacker must craft a malicious HTML page containing hidden form fields that target the vulnerable endpoints. The forms are automatically submitted using JavaScript when the victim loads the page [1]. The victim must be an authenticated user of the JoomOCShop site. The attacker can host the page on any server and trick the victim into visiting it, for example via a link in an email or a malicious advertisement [2].
Impact
Successful exploitation allows an attacker to modify the victim's account information, including first name, last name, email, telephone, and fax number, or to reset the password to a value known to the attacker [1]. This can lead to account takeover, unauthorized access to the victim's account, and potential further compromise of the Joomla site if the attacker gains elevated privileges [2].
Mitigation
As of the latest available references, no official patch or fixed version of JoomOCShop has been released to address this vulnerability [1][2]. Users are advised to implement CSRF protection by adding tokens to forms or to disable the extension until a security update is available. The vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
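To make the advised mitigation concrete, the following is an added illustration, not JoomOCShop's or Joomla's own code, of synchronizer-token CSRF protection applied to the account/edit and account/password routes named above; the session setup and route dispatcher are assumed plain-PHP stand-ins, and the handler bodies are hypothetical.

```php
<?php
// Added example (not JoomOCShop code): synchronizer-token CSRF protection
// for state-changing account endpoints. Assumes native PHP sessions.

// Defense in depth: a SameSite=Lax, HttpOnly session cookie is not sent on
// cross-site POSTs, which already blocks the auto-submitted form described above.
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
session_start();

function csrf_token(): string {
    // One token per session, minted with a CSPRNG and kept server-side.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_field(): string {
    // Hidden field for every form that changes state. A page on another
    // origin cannot read the victim's session token, so it cannot forge it.
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

function csrf_valid(): bool {
    $sent     = $_POST['csrf_token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    // hash_equals() compares in constant time, so token bytes do not leak via timing.
    return $sent !== '' && $expected !== '' && hash_equals($expected, $sent);
}

// Dispatcher for the routes the advisory names (hypothetical layout): the
// request must be a POST carrying a valid token before any account data changes.
$route = $_GET['route'] ?? '';
if (in_array($route, ['account/edit', 'account/password'], true)) {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !csrf_valid()) {
        http_response_code(403);
        exit('Invalid or missing CSRF token.');
    }
    // Only here: update profile fields, or change the password after
    // re-checking the current password (hypothetical handler code).
}
```

Inside a real Joomla extension the framework supplies the same pattern: render HTMLHelper::_('form.token') in the form and call Session::checkToken() before processing the request.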
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Range: =1.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.