CVE-2018-25343

Name of the Vulnerable Software and Affected Versions Smartshop version 1

Description Cross-site request forgery allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the 'editprofile.php' endpoint with hidden fields for the email and password parameters that execute automatically when visited by an authenticated admin user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.