Search
Total
3999 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15186 | 1 Chartered Accountant \ | 1 Auditor Website Project | 2018-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF via client/auditor/updprofile.php. | |||||
| CVE-2013-7464 | 1 Csrf-magic Project | 1 Csrf-magic | 2018-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used. | |||||
| CVE-2018-15187 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-10-05 | 6.0 MEDIUM | 8.0 HIGH |
| PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php. | |||||
| CVE-2018-15177 | 1 Gxlcms | 1 Gxlcms | 2018-10-05 | 6.8 MEDIUM | 8.8 HIGH |
| In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account. | |||||
| CVE-2018-15193 | 1 Gogs | 1 Gogs | 2018-10-05 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link. | |||||
| CVE-2018-15197 | 1 Onethink | 1 Onethink | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges. | |||||
| CVE-2018-16449 | 1 Onethink | 1 Onethink | 2018-10-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html. | |||||
| CVE-2018-14965 | 1 Emlsoft Project | 1 Emlsoft | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=address&do=add page allows CSRF. | |||||
| CVE-2018-14966 | 1 Emlsoft Project | 1 Emlsoft | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=user&do=add page allows CSRF. | |||||
| CVE-2018-14960 | 1 Xiao5ucompany Project | 1 Xiao5ucompany | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| Xiao5uCompany 1.7 has CSRF via admin/Admin.asp. | |||||
| CVE-2018-14963 | 1 Zzcms | 1 Zzcms | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI. | |||||
| CVE-2018-15198 | 1 Onethink | 1 Onethink | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user. | |||||
| CVE-2018-14959 | 1 Weaselcms Project | 1 Weaselcms | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI. | |||||
| CVE-2018-14958 | 1 Weaselcms Project | 1 Weaselcms | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings (such as the theme, title, and description) via index.php. | |||||
| CVE-2018-14978 | 1 Q-cms | 1 Qcms | 2018-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI. | |||||
| CVE-2018-14926 | 1 Matera | 1 Banco | 2018-10-02 | 6.8 MEDIUM | 8.8 HIGH |
| Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler.jsp request. | |||||
| CVE-2018-14910 | 1 Seacms | 1 Seacms | 2018-10-02 | 6.8 MEDIUM | 8.8 HIGH |
| SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). The code is executed by visiting adm1n/admin_ip.php or data/admin/ip.php. This can also be exploited through CSRF. | |||||
| CVE-2018-14908 | 1 Samsung | 1 Syncthru Web Service | 2018-09-27 | 6.8 MEDIUM | 8.8 HIGH |
| Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action. | |||||
| CVE-2018-14603 | 1 Gitlab | 1 Gitlab | 2018-09-18 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component. | |||||
| CVE-2018-14582 | 1 Bagesoft | 1 Bagecms | 2018-09-18 | 6.8 MEDIUM | 8.8 HIGH |
| index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account. | |||||
| CVE-2018-14583 | 1 Xyhcms | 1 Xyhcms | 2018-09-18 | 6.8 MEDIUM | 8.8 HIGH |
| xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account. | |||||
| CVE-2018-14331 | 1 Xiaocms | 1 Xiaocms X1 | 2018-09-17 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in XiaoCms X1 v20140305. There is a CSRF vulnerability to change the administrator account password via admin/index.php?c=index&a=my. | |||||
| CVE-2018-14421 | 1 Seacms | 1 Seacms | 2018-09-14 | 6.8 MEDIUM | 8.8 HIGH |
| SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF. | |||||
| CVE-2018-14420 | 1 Metinfo | 1 Metinfo | 2018-09-14 | 6.8 MEDIUM | 8.8 HIGH |
| MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI. | |||||
| CVE-2018-14069 | 1 Srcms Project | 1 Srcms | 2018-09-10 | 6.0 MEDIUM | 8.8 HIGH |
| An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add a user account via admin.php?m=Admin&c=member&a=add. | |||||
| CVE-2018-14068 | 1 Srcms Project | 1 Srcms | 2018-09-10 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add an admin account via admin.php?m=Admin&c=manager&a=add. | |||||
| CVE-2018-13793 | 1 Abbyy | 1 Flexicapture | 2018-09-07 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login. | |||||
| CVE-2018-14029 | 1 Creatiwity | 1 Witycms | 2018-09-06 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by modifying the account's email field. | |||||
| CVE-2018-13989 | 1 Arcelikas | 2 Grundig Smart Inter\@ctive, Grundig Smart Inter\@ctive Firmware | 2018-09-06 | 8.3 HIGH | 8.8 HIGH |
| Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST request to TCP port 8085 containing a predictable ID value, as demonstrated by a /sendrcpackage?keyid=-2544&keysymbol=-4081 request to shut off the device. | |||||
| CVE-2018-14014 | 1 Super Cms Project | 1 Super Cms | 2018-09-06 | 6.8 MEDIUM | 8.8 HIGH |
| In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd. | |||||
| CVE-2018-11349 | 1 Jirafeau | 1 Jirafeau | 2018-09-05 | 6.8 MEDIUM | 8.8 HIGH |
| The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: search_by_name, search_by_hash, and search_link. | |||||
| CVE-2018-12529 | 1 Intex | 2 N150, N150 Firmware | 2018-09-05 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF injection point vulnerabilities including changing user passwords and router settings. | |||||
| CVE-2018-12574 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2018-09-04 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices. | |||||
| CVE-2018-13067 | 1 Opencart | 1 Opencart | 2018-09-04 | 6.8 MEDIUM | 8.8 HIGH |
| /upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password. | |||||
| CVE-2018-11636 | 1 Dialogic | 1 Powermedia Xms | 2018-08-31 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions. | |||||
| CVE-2018-13032 | 1 Ecessa | 2 Shieldlink Sl175ehq, Shieldlink Sl175ehq Firmware | 2018-08-31 | 6.8 MEDIUM | 8.8 HIGH |
| ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/pl_web.cgi/util_configlogin_act URI. | |||||
| CVE-2018-1000507 | 1 Jjj | 1 Wp User Groups | 2018-08-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| WP User Groups version 2.0.0 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in allows anybody to modify user groups and types. This attack appear to be exploitable via Admin must click on link. This vulnerability appears to have been fixed in 2.1.1. | |||||
| CVE-2018-1000506 | 1 Mediaron | 1 Metronet Tag Manager | 2018-08-30 | 6.8 MEDIUM | 8.8 HIGH |
| Metronet Tag Manager version 1.2.7 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can result in allows anybody to do almost anything an admin can. This attack appear to be exploitable via Logged in user must follow a link. This vulnerability appears to have been fixed in 1.2.9. | |||||
| CVE-2018-1000505 | 1 Tooltipy | 1 Tooltipy | 2018-08-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| Tooltipy (tooltips for WP) version 5 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in could allow anybody to duplicate posts. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1. | |||||
| CVE-2018-13445 | 1 Seacms | 1 Seacms | 2018-08-28 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/admin_manager.php?action=add. | |||||
| CVE-2018-13444 | 1 Seacms | 1 Seacms | 2018-08-28 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add an admin account via adm1n/admin_manager.php?action=save&id=2. | |||||
| CVE-2018-13340 | 1 Gleeztech | 1 Gleez Cms | 2018-08-28 | 6.8 MEDIUM | 8.8 HIGH |
| Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request. | |||||
| CVE-2018-12602 | 1 Lfdycms | 1 Lfcms | 2018-08-27 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily. | |||||
| CVE-2018-12603 | 1 Lfdycms | 1 Lfcms | 2018-08-27 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114. | |||||
| CVE-2018-12739 | 1 Beescms | 1 Beescms | 2018-08-27 | 6.8 MEDIUM | 8.8 HIGH |
| In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266. | |||||
| CVE-2018-13010 | 1 Wstmall | 1 Wstmall | 2018-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account. | |||||
| CVE-2018-13407 | 1 Jirafeau | 1 Jirafeau | 2018-08-23 | 5.5 MEDIUM | 4.9 MEDIUM |
| A CSRF issue was discovered in Jirafeau before 3.4.1. The "delete file" feature on the admin panel is not protected against automated requests and could be abused. | |||||
| CVE-2018-1000514 | 1 Limesurvey | 1 Limesurvey | 2018-08-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Boxes that can result in CSRF admins to delete boxes. This vulnerability appears to have been fixed in 3.6.x. | |||||
| CVE-2018-12971 | 1 Easycms | 1 Easycms | 2018-08-20 | 5.8 MEDIUM | 6.5 MEDIUM |
| EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users. | |||||
| CVE-2008-6048 | 1 Tangocms | 1 Tangocms | 2018-08-13 | 6.0 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in TangoCMS before 2.2.0 allow remote attackers to hijack the authentication of administrators. | |||||