Cross-Site Request Forgery in JS Support Ticket for Joomla! Warnings for Users
CVE-2018-6007

8.8HIGH

Key Information:

Vendor: Joomsky
Status: Js Support Ticket
Vendor: CVE Published:; 29 January 2018

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2018-6007?

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the JS Support Ticket component version 1.1.0 for Joomla!. This vulnerability enables attackers to exploit the system by deceiving authenticated users into executing unauthorized actions, such as injecting malicious HTML or altering ticket information. The exploitation can lead to significant security risks if proper precautions are not adopted. Website administrators should ensure their systems are updated and review user permissions to mitigate potential threats.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2018-6007 - Proof of Concept

References

https://www.exploit-db.com/exploits/43912/

exploitx_refsource_EXPLOIT-DB

https://packetstormsecurity.com/files/146135/Joomla-JS-Su...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jan 29, 2018
👾
Exploit known to exist
Jan 29, 2018
Vulnerability published
Jan 29, 2018
Vulnerability Reserved
Jan 22, 2018

CVE-2018-6007 Data

JSON

Joomsky

Badges

What is CVE-2018-6007?

Exploit Proof of Concept (PoC)

References

CVSS V3.1

Timeline