Cross-Site Request Forgery Vulnerability in Joomla Component jomres by Jomres
CVE-2018-25354

5.3MEDIUM

Key Information:

Vendor

Jomres

Status
Jomres
Vendor
CVE Published:
23 May 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2018-25354?

The jomres component for Joomla version 9.11.2 is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability. This security flaw enables attackers to manipulate user account settings by deceiving authenticated users into visiting malicious websites. By skillfully designing HTML forms that target the account/index endpoint, attackers can alter critical user information such as passwords and email addresses without obtaining explicit consent from the user. It is vital for developers and site administrators to be aware of this vulnerability in order to implement necessary safeguards.

Affected Version(s)

Jomres 9.11.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2018-25354 - Proof of Concept

References

https://www.exploit-db.com/exploits/44901
exploit
https://www.jomres.net/
product
https://extensions.joomla.org/extension/jomres/
product

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

L0RD
.