CVE-2018-25354

Name of the Vulnerable Software and Affected Versions jomres version 9.11.2

Description A cross-site request forgery issue allows attackers to modify user account information by tricking authenticated users into visiting malicious pages. Attackers can craft HTML forms targeting the 'account/index' endpoint with hidden fields to change passwords, email addresses, and profile details without user consent.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.