What is GHSA-q7hr-57fw-68mm?

GHSA-q7hr-57fw-68mm is a security advisory published by GitHub Security Advisories with Medium severity. ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform...

Which CVE IDs does GHSA-q7hr-57fw-68mm cover?

GHSA-q7hr-57fw-68mm covers the following CVE IDs: CVE-2018-25435. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-q7hr-57fw-68mm?

GHSA-q7hr-57fw-68mm has a CVSS v3 base score of 5.3, published by GitHub Security Advisories.

GHSA-q7hr-57fw-68mmMediumCVSS 5.3

ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform...

Vendor

GitHub Security Advisories

Published

June 2, 2026

Last Modified

June 2, 2026

🔗 CVE IDs covered (1)

CVE-2018-25435 →

📋 Description

ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can deactivate customer accounts via the admin interface by tricking users into visiting attacker-controlled pages that submit requests to the regstatus endpoint with action=deny parameters.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2018-25435
https://www.exploit-db.com/exploits/46027
https://www.vulncheck.com/advisories/zeuscart-deactivate-customer-accounts-csrf
http://http://www.zeuscart.com
https://github.com/advisories/GHSA-q7hr-57fw-68mm