Total
5486 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-10117 | 1 Icmsdev | 1 Icms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP. | |||||
CVE-2017-18033 | 1 Atlassian | 1 Jira | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities. | |||||
CVE-2018-11445 | 1 Easyservice Billing Project | 1 Easyservice Billing | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role. | |||||
CVE-2018-6023 | 1 Fastweb | 2 Fastgate, Fastgate Firmware | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc. | |||||
CVE-2018-12739 | 1 Beescms | 1 Beescms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266. | |||||
CVE-2018-10137 | 1 Iscripts | 1 Uberforx | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
iScripts UberforX 2.2 has CSRF in the "manage_settings" section of the Admin Panel via the /cms?section=manage_settings&action=edit URI. | |||||
CVE-2018-7746 | 1 Cobub | 1 Razor | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin. | |||||
CVE-2018-11500 | 1 Publiccms | 1 Publiccms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account. | |||||
CVE-2014-1457 | 1 Openwebanalytics | 1 Open Web Analytics | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name. | |||||
CVE-2018-9134 | 1 Dedecms | 1 Dedecms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uploads/userup to a .php file under the web root to achieve PHP code execution. This uses the oldfilename and newfilename parameters. | |||||
CVE-2018-10295 | 1 Chemcms Project | 1 Chemcms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add an administrator account. | |||||
CVE-2018-8817 | 1 Wampserver | 1 Wampserver | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Wampserver before 3.1.3 has CSRF in add_vhost.php. | |||||
CVE-2018-12971 | 1 Easycms | 1 Easycms | 2023-12-10 | 5.8 MEDIUM | 6.5 MEDIUM |
EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users. | |||||
CVE-2018-11670 | 1 Njtech | 1 Greencms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect. | |||||
CVE-2014-2550 | 1 Disable Comments | 1 Disable Comments Project | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disable_comments_settings page to wp-admin/options-general.php. | |||||
CVE-2018-10185 | 1 Tuzicms | 1 Tuzicms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in TuziCMS v2.0.6. There is a CSRF vulnerability that can add an admin account, as demonstrated by a history.pushState call. | |||||
CVE-2018-11018 | 1 Pbootcms | 1 Pbootcms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html. | |||||
CVE-2018-12602 | 1 Lfdycms | 1 Lfcms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily. | |||||
CVE-2018-1000506 | 1 Mediaron | 1 Metronet Tag Manager | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Metronet Tag Manager version 1.2.7 contains a Cross Site Request Forgery (CSRF) vulnerability in the Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can allow anybody to do almost anything an admin can. This attack appears to be exploitable when a logged-in user follows a link. This vulnerability appears to have been fixed in 1.2.9. | |||||
CVE-2018-10132 | 1 Pbootcms | 1 Pbootcms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter. |