Total: 8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2020-22761 | 1 Flatpress | 1 Flatpress | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php. |
| CVE-2020-22403 | 1 Express-cart Project | 1 Express-cart | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts. |
| CVE-2020-22273 | 1 Creativeitem | 1 Neoflex Video Subscription System | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | Neoflex Video Subscription System Version 2.0 is affected by CSRF which allows the Website's Settings to be changed (such as Payment Settings). |
| CVE-2020-22000 | 1 Homeautomation Project | 1 Homeautomation | 2024-11-21 | 8.5 HIGH | 8.0 HIGH | HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'set_command_on' and 'set_command_off' POST parameters in '/system/systemplugins/customcommand/customcommand.plugin.php' by using an unsanitized PHP exec() function. |
| CVE-2020-21989 | 1 Homeautomation Project | 1 Homeautomation | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. |
| CVE-2020-21884 | 1 Indionetworks | 10 Unibox U1000, Unibox U1000 Firmware, Unibox U2500 and 7 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH | Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a specially crafted HTTP request may reconfigure the device. |
| CVE-2020-21881 | 1 Duxcms Project | 1 Duxcms | 2024-11-21 | N/A | 6.5 MEDIUM | Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modify application data via article/admin/content/add. |
| CVE-2020-21658 | 1 Wdja | 1 Wdja Cms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attackers to arbitrarily add administrator accounts via a crafted URL. |
| CVE-2020-21386 | 1 Maccms | 1 Maccms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges. |
| CVE-2020-21358 | 1 Wagecms Project | 1 Wage-cms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | A cross site request forgery (CSRF) in Wage-CMS 1.5.x-dev allows attackers to arbitrarily add users. |
| CVE-2020-21321 | 1 Emlog | 1 Emlog | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM | emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/link.php?action=addlink, which allows attackers to arbitrarily add articles. |
| CVE-2020-21236 | 1 Damicms | 1 Damicms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie. |
| CVE-2020-21141 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add. |
| CVE-2020-21139 | 1 Ec Cloud E-commerce System Project | 1 Ec Cloud E-commerce System | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add admin accounts via /admin.html?do=user&act=add. |
| CVE-2020-21126 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo. |
| CVE-2020-21081 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL. |
| CVE-2020-20989 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM | A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs. |
| CVE-2020-20971 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index. |
| CVE-2020-20945 | 1 Qibosoft | 1 Qibosoft | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts. |
| CVE-2020-20943 | 1 Qibosoft | 1 Qibosoft | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM | A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL. |
| CVE-2020-20693 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts. |
| CVE-2020-20671 | 1 Kitesky | 1 Kitecms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account. |
| CVE-2020-20642 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn. |
| CVE-2020-20595 | 1 Opms Project | 1 Opms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a user account via /user/add. |
| CVE-2020-20593 | 1 Rockoa | 1 Rockoa | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH | A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account. |
| CVE-2020-20586 | 1 Xyhcms | 1 Xyhcms | 2024-11-21 | 3.5 LOW | 4.5 MEDIUM | A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password. |
| CVE-2020-20514 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.9 MEDIUM | 8.1 HIGH | A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users. |
| CVE-2020-20468 | 1 White Shark Systems Project | 1 White Shark Systems | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | White Shark System (WSS) 1.3.2 is vulnerable to CSRF. Attackers can use the user_edit_password.php file to modify the user password. |
| CVE-2020-20343 | 1 Wtcms Project | 1 Wtcms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator background. |
| CVE-2020-1977 | 1 Paloaltonetworks | 1 Expedition Migration Tool | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH | Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions. |
| CVE-2020-1692 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.0 MEDIUM | 8.1 HIGH | Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course. |
| CVE-2020-1103 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF). When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka 'Microsoft SharePoint Information Disclosure Vulnerabil ... |
| CVE-2020-19964 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication. |
| CVE-2020-19951 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application. |
| CVE-2020-19889 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | DBHcms v1.2.0 has no CSRF protection mechanism, as demonstrated by CSRF for index.php?dbhcms_pid=-70, which can add a user. |
| CVE-2020-19886 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH | DBHcms v1.2.0 has no CSRF protection mechanism, as demonstrated by CSRF for /index.php?dbhcms_pid=-80&deletemenu=9, which can delete any menu. |
| CVE-2020-19682 | 1 Zzzcms | 1 Zzzcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | A Cross Site Request Forgery (CSRF) vulnerability exists in ZZZCMS V1.7.1 via the save_user function in save.php. |
| CVE-2020-19669 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn. |
| CVE-2020-19639 | 1 Insma | 2 Wifi Mini Spy 1080p Hd Security Ip Camera, Wifi Mini Spy 1080p Hd Security Ip Camera Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B, via all fields to WebUI. |
| CVE-2020-19280 | 1 Jeesns | 1 Jeesns | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations. |