CVE-2018-25343 documents a cross-site request forgery (CSRF) vulnerability in Smartshop 1, an e-commerce website template. The vulnerability resides in the `editprofile.php` endpoint, which fails to implement anti-CSRF tokens or origin validation. An attacker can craft a malicious HTML form containing hidden fields for `email` and `password` parameters; when an authenticated administrator visits the attacker's [truncated]
CVE-2018-25342 documents a time-based blind SQL injection vulnerability in Smartshop 1, an e-commerce website template. The vulnerability resides in the `searched` parameter of `search.php` and can be exploited by unauthenticated attackers to manipulate database queries. The issue was published to CVE on 23 May 2026 and last modified on 26 May 2026. The NVD entry currently carries a status of 'Deferred'. [truncated]
CVE-2018-25341 documents a SQL injection vulnerability in Smartshop 1, an e-commerce website template. The vulnerability exists in the `product.php` file, where the value of the `id` parameter is not properly sanitized before being incorporated into SQL queries. Unauthenticated attackers can exploit this weakness through GET requests containing union-based SQL injection payloads, enabling extraction of sensi [truncated]