Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by CWE-352
Angry Yack Logo
Total 8760 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-19268 1 Dswjcms Project 1 Dswjcms 2024-11-21 3.5 LOW 5.7 MEDIUM
A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenticated attackers to arbitrarily add administrator users.
CVE-2020-19264 1 Mipcms 1 Mipcms 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd.
CVE-2020-19263 1 Mipcms 1 Mipcms 2024-11-21 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily escalate user privileges to administrator via index.php?s=/user/ApiAdminUser/itemEdit.
CVE-2020-19199 1 Phpok 1 Phpok 2024-11-21 6.8 MEDIUM 8.8 HIGH
A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code.
CVE-2020-19159 1 Laiketui 1 Laiketui 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component '/index.php?module=member&action=add'.
CVE-2020-19047 1 Iwebshop 1 Iwebshop 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgey (CSRF) in iWebShop v5.3 allows remote atatckers to execute arbitrary code via malicious POST request to the component '/index.php?controller=system&action=admin_edit_act'.
CVE-2020-18964 1 Forestblog Project 1 Forestblog 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest version via the website Management background, which could let a remote malicious gain privileges.
CVE-2020-18917 1 Dedecms 1 Dedecms 2024-11-21 6.8 MEDIUM 8.8 HIGH
The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control.
CVE-2020-18889 1 Puppycms 1 Puppycms 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Cross Site Request Forgery (CSRF) vulnerability in puppyCMS v5.1 that can change the admin's password via /admin/settings.php.
CVE-2020-18694 1 Ignitedcms 1 Ignitedcms 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows remote attackers to obtain sensitive information and gain privilege via the component "/admin/profile/save_profile".
CVE-2020-18648 1 Juqingcms 1 Juqingcms 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) in JuQingCMS v1.0 allows remote attackers to gain local privileges via the component "JuQingCMS_v1.0/admin/index.php?c=administrator&a=add".
CVE-2020-18464 1 Aikcms 1 Aikcms 2024-11-21 3.5 LOW 3.5 LOW
Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in video_list.php, which can let a malicious user delete movie information.
CVE-2020-18463 1 Aikcms 1 Aikcms 2024-11-21 3.5 LOW 2.4 LOW
Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in video_list.php, which can let a malicious user delete a video message.
CVE-2020-18460 1 711cms 1 711cms 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) vulnerability exists in 711cms v1.0.7 that can add an admin account via admin.php?c=Admin&m=content.
CVE-2020-18458 1 Damicms 1 Damicms 2024-11-21 6.0 MEDIUM 8.0 HIGH
Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd.
CVE-2020-18457 1 Bycms Project 1 Bycms 2024-11-21 6.0 MEDIUM 6.8 MEDIUM
Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 that can add an admin account via admin.php/ucenter/add.html.
CVE-2020-18454 1 Bycms Project 1 Bycms 2024-11-21 6.0 MEDIUM 6.8 MEDIUM
Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admin.php/systems/index/module_id/70/group_id/1.html.
CVE-2020-18418 1 Feifeicms 1 Feifeicms 2024-11-21 N/A 8.8 HIGH
A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert.
CVE-2020-18416 1 Jyuu 1 Jymusic 2024-11-21 N/A 6.8 MEDIUM
An cross site request forgery (CSRF) vulnerability discovered in Jymusic v2.0.0.,that allows attackers to execute arbitrary code via /admin.php?s=/addons/config.html&id=6 to modify payment information.
CVE-2020-18409 1 Catfishcms Project 1 Catfishcms 2024-11-21 N/A 6.8 MEDIUM
Cross Site Request Forgery (CSRF) vulnerability was discovered in CatfishCMS 4.8.63 that would allow attackers to obtain administrator permissions via /index.php/admin/index/modifymanage.html.
CVE-2020-18326 1 Intelliants 1 Subrion Cms 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.
CVE-2020-18265 1 Simple-log Project 1 Simple-log 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_add_member".
CVE-2020-18264 1 Simple-log Project 1 Simple-log 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_edit_member".
CVE-2020-18198 1 Pluck-cms 1 Pluck 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component " /admin.php?action=images."
CVE-2020-18195 1 Pluck-cms 1 Pluck 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page."
CVE-2020-18157 1 Metinfo 1 Metinfo 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php.
CVE-2020-18151 1 Thinkcmf 1 Thinkcmf 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account.
CVE-2020-18129 1 Eyoucms 1 Eyoucms 2024-11-21 6.8 MEDIUM 8.8 HIGH
A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php.
CVE-2020-18124 1 Indexhibit 1 Indexhibit 2024-11-21 4.0 MEDIUM 5.7 MEDIUM
A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords.
CVE-2020-18123 1 Indexhibit 1 Indexhibit 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts.
CVE-2020-17901 1 Pbootcms 1 Pbootcms 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user.
CVE-2020-16610 1 Hoosk 1 Hoosk 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention.
CVE-2020-16256 1 Winstonprivacy 2 Winston, Winston Firmware 2024-11-21 9.3 HIGH 8.8 HIGH
The API on Winston 1.5.4 devices is vulnerable to CSRF.
CVE-2020-16253 1 Pghero Project 1 Pghero 2024-11-21 5.8 MEDIUM 8.1 HIGH
The PgHero gem through 2.6.0 for Ruby allows CSRF.
CVE-2020-16252 1 Field Test Project 1 Field Test 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF.
CVE-2020-16208 1 Redlion 4 N-tron 702-w, N-tron 702-w Firmware, N-tron 702m12-w and 1 more 2024-11-21 9.3 HIGH 8.8 HIGH
The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions).
CVE-2020-15882 1 Munkireport Project 1 Munkireport 2024-11-21 5.8 MEDIUM 8.1 HIGH
A CSRF issue in manager/delete_machine/{id} in MunkiReport before 5.6.3 allows attackers to delete arbitrary machines from the MunkiReport database.
CVE-2020-15789 1 Siemens 1 Polarion Subversion Webclient 2024-11-21 5.8 MEDIUM 8.1 HIGH
A vulnerability has been identified in Polarion Subversion Webclient (All versions). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the ...

Show More
CVE-2020-15711 1 Misp 1 Misp 2024-11-21 6.8 MEDIUM 8.8 HIGH
In MISP before 2.4.129, setting a favourite homepage was not CSRF protected.
CVE-2020-15700 1 Joomla 1 Joomla\! 2024-11-21 6.8 MEDIUM 6.3 MEDIUM
An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability.