Vulnerabilities (CVE)

Filtered by CWE-352
Total 5281 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-6904 1 Nxfilter 1 Nxfilter 2024-03-21 5.0 MEDIUM 8.8 HIGH
A vulnerability classified as problematic was found in Jahastech NxFilter 4.3.2.5. This vulnerability affects unknown code of the file /config,admin.jsp. The manipulation of the argument admin_name leads to cross-site request forgery. The attack can be initiated remotely. VDB-248266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-6766 1 Phpgurukul 1 Teacher Subject Allocation Management System 2024-03-21 5.0 MEDIUM 3.5 LOW
A vulnerability classified as problematic has been found in PHPGurukul Teacher Subject Allocation Management System 1.0. Affected is an unknown function of the file /admin/course.php of the component Delete Course Handler. The manipulation of the argument delid leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247896.
CVE-2023-6653 1 Phpgurukul 1 Teacher Subject Allocation Management System 2024-03-21 5.0 MEDIUM 4.3 MEDIUM
A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/subject.php of the component Create a new Subject. The manipulation of the argument cid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247346 is the identifier assigned to this vulnerability.
CVE-2023-6474 1 Phpgurukul 1 Nipah Virus Testing Management System 2024-03-21 5.0 MEDIUM 6.5 MEDIUM
A vulnerability has been found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file manage-phlebotomist.php. The manipulation of the argument pid leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246640.
CVE-2023-51696 2024-03-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.
CVE-2023-4869 1 Contact Manager App Project 1 Contact Manager App 2024-03-21 5.0 MEDIUM 8.8 HIGH
A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file update.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-239354 is the identifier assigned to this vulnerability.
CVE-2023-4868 1 Contact Manager App Project 1 Contact Manager App 2024-03-21 5.0 MEDIUM 8.8 HIGH
A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239353 was assigned to this vulnerability.
CVE-2023-4865 1 Take-note App Project 1 Take-note App 2024-03-21 5.0 MEDIUM 8.8 HIGH
A vulnerability has been found in SourceCodester Take-Note App 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239350 is the identifier assigned to this vulnerability.
CVE-2023-4837 1 Smod 1 Smodbip 2024-03-21 N/A 8.8 HIGH
SmodBIP is vulnerable to Cross-Site Request Forgery, that could be used to induce logged in users to perform unintended actions, including creation of additional accounts with administrative privileges. This issue affects all versions of SmodBIP. SmodBIP is no longer maintained and the vulnerability will not be fixed.
CVE-2023-3841 1 Nxfilter 1 Nxfilter 2024-03-21 5.0 MEDIUM 8.8 HIGH
A vulnerability has been found in NxFilter 4.3.2.5 and classified as problematic. This vulnerability affects unknown code of the file user.jsp. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235192. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-3579 1 Hadsky 1 Hadsky 2024-03-21 5.0 MEDIUM 8.8 HIGH
A vulnerability, which was classified as problematic, has been found in HadSky 7.11.8. Affected by this issue is some unknown functionality of the component User Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-233372.
CVE-2023-3029 1 Pythagorean Oa Office System Project 1 Pythagorean Oa Office System 2024-03-21 5.0 MEDIUM 8.8 HIGH
A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. This vulnerability affects unknown code of the file /note/index/delete. The manipulation of the argument id leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230458 is the identifier assigned to this vulnerability.
CVE-2023-39446 1 Socomec 2 Modulys Gp, Modulys Gp Firmware 2024-03-21 N/A 8.8 HIGH
Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and originate malicious actions when a legitimate user is logged into the web application.
CVE-2023-2474 1 Getrebuild 1 Rebuild 2024-03-21 5.0 MEDIUM 4.3 MEDIUM
A vulnerability has been found in Rebuild 3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-227866 is the identifier assigned to this vulnerability.
CVE-2023-22375 1 Planex 2 Cs-wmv02g, Cs-wmv02g Firmware 2024-03-21 N/A 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user to view a malicious page. NOTE: This vulnerability only affects products that are no longer supported by the developer.
CVE-2023-1937 1 My-blog Project 1 My-blog 2024-03-21 5.0 MEDIUM 4.3 MEDIUM
A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Affected is an unknown function of the file /admin/configurations/userInfo. The manipulation of the argument yourAvatar/yourName/yourEmail leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-225264.
CVE-2023-0999 1 Sales Tracker Management System Project 1 Sales Tracker Management System 2024-03-21 5.0 MEDIUM 8.8 HIGH
A vulnerability classified as problematic was found in SourceCodester Sales Tracker Management System 1.0. This vulnerability affects unknown code of the file admin/?page=user/list. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221734 is the identifier assigned to this vulnerability.
CVE-2023-0988 1 Online Pizza Ordering System Project 1 Online Pizza Ordering System 2024-03-21 5.0 MEDIUM 8.8 HIGH
A vulnerability, which was classified as problematic, has been found in SourceCodester Online Pizza Ordering System 1.0. This issue affects some unknown processing of the file admin/ajax.php?action=save_user. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221681 was assigned to this vulnerability.
CVE-2023-0674 1 Xuxueli 1 Xxl-job 2024-03-21 5.0 MEDIUM 6.5 MEDIUM
A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220196.
CVE-2022-4944 1 Kodcloud 1 Kodexplorer 2024-03-21 5.0 MEDIUM 8.8 HIGH
A vulnerability, which was classified as problematic, has been found in kalcaddle KodExplorer up to 4.49. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.50 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227000.