CVE-2018-25435

Name of the Vulnerable Software and Affected Versions ZeusCart version 4.0

Description A cross-site request forgery issue allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Specifically, attackers can deactivate customer accounts through the admin interface by tricking users into visiting attacker-controlled pages that submit requests to the 'regstatus' endpoint using the action parameter set to deny.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.