What is GHSA-6pf6-cr9h-j56p?

GHSA-6pf6-cr9h-j56p is a security advisory published by GitHub Security Advisories with Medium severity. Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify...

Which CVE IDs does GHSA-6pf6-cr9h-j56p cover?

GHSA-6pf6-cr9h-j56p covers the following CVE IDs: CVE-2018-25343. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-6pf6-cr9h-j56p?

GHSA-6pf6-cr9h-j56p has a CVSS v3 base score of 4.3, published by GitHub Security Advisories.

GHSA-6pf6-cr9h-j56pMediumCVSS 4.3

Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify...

Vendor

GitHub Security Advisories

Published

May 26, 2026

Last Modified

May 26, 2026

🔗 CVE IDs covered (1)

CVE-2018-25343 →

📋 Description

Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting editprofile.php with hidden fields for email and password parameters that execute automatically when visited by an authenticated admin user.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2018-25343
https://github.com/smakosh/Smartshop/archive/master.zip
https://www.behance.net/gallery/49080415/Smartshop-Free-e-commerce-website
https://www.exploit-db.com/exploits/44824
https://www.vulncheck.com/advisories/smartshop-1-cross-site-request-forgery-via-editprofile-php
https://github.com/advisories/GHSA-6pf6-cr9h-j56p