Total
8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10568 | 1 Onthegosystems | 1 Sitepress-multilingual-cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings.
|
|||||
| CVE-2020-10540 | 1 Untis | 1 Webuntis | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of rights and modules.
|
|||||
| CVE-2020-10504 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request.
|
|||||
| CVE-2020-10503 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disapprove any comment, given the id, via a crafted request.
|
|||||
| CVE-2020-10502 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a crafted request.
|
|||||
| CVE-2020-10501 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a department, given the id, via a crafted request.
|
|||||
| CVE-2020-10500 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to reply to any ticket, given the id, via a crafted request.
|
|||||
| CVE-2020-10499 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to close any ticket, given the id, via a crafted request.
|
|||||
| CVE-2020-10498 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a category, given the id, via a crafted request.
|
|||||
| CVE-2020-10497 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a category via a crafted request.
|
|||||
| CVE-2020-10496 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted request.
|
|||||
| CVE-2020-10495 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a crafted request.
|
|||||
| CVE-2020-10494 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a news article, given the id, via a crafted request.
|
|||||
| CVE-2020-10493 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a glossary term, given the id, via a crafted request.
|
|||||
| CVE-2020-10492 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article template via a crafted request.
|
|||||
| CVE-2020-10491 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a department via a crafted request.
|
|||||
| CVE-2020-10490 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a department via a crafted request.
|
|||||
| CVE-2020-10489 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a ticket via a crafted request.
|
|||||
| CVE-2020-10488 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a news article via a crafted request.
|
|||||
| CVE-2020-10487 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request.
|
|||||
| CVE-2020-10486 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a comment via a crafted request.
|
|||||
| CVE-2020-10485 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article via a crafted request.
|
|||||
| CVE-2020-10484 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request.
|
|||||
| CVE-2020-10483 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comment on any article via a crafted request.
|
|||||
| CVE-2020-10482 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request.
|
|||||
| CVE-2020-10481 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new glossary term via a crafted request.
|
|||||
| CVE-2020-10480 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new category via a crafted request.
|
|||||
| CVE-2020-10479 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request.
|
|||||
| CVE-2020-10478 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a crafted request.
|
|||||
| CVE-2020-10241 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF.
|
|||||
| CVE-2020-10229 | 1 Vtenext | 1 Vtenext | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts.
|
|||||
| CVE-2020-10057 | 1 Metalgenix | 1 Genixcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incomplete fix for CVE-2015-2680, in which "token" is used as a CSRF protection mechanism, but without validation that "token" is associated with an administrative user.
|
|||||
| CVE-2019-9958 | 1 Quadbase | 1 Espressreport Enterprise Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests.
|
|||||
| CVE-2019-9926 | 1 Labkey | 1 Labkey Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in LabKey Server 19.1.0. It is possible to force a logged-in administrator to execute code through a /reports-viewScriptReport.view CSRF vulnerability.
|
|||||
| CVE-2019-9883 | 1 Hgiga | 8 Msr35 Isherlock-base, Msr35 Isherlock-sysinfo, Msr35 Isherlock-user and 5 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_account=test&cf_email=&cf_acl=Management&apply_lang=&dn= without any authorizes.
|
|||||
| CVE-2019-9882 | 1 Hgiga | 8 Msr35 Isherlock-base, Msr35 Isherlock-sysinfo, Msr35 Isherlock-user and 5 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via user/save_list.php?ACSION=&type=email&category=white&locate=big5&cmd=add&[email protected]&new_memo=&add=%E6%96%B0%E5%A2%9E without any authorizes.
|
|||||
| CVE-2019-9787 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php.
|
|||||
| CVE-2019-9769 | 1 Kartatopia | 1 Piluscart | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.
|
|||||
| CVE-2019-9688 | 1 Sftnow | 1 Sftnow | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
sftnow through 2018-12-29 allows index.php?g=Admin&m=User&a=add_post CSRF to add an admin account.
|
|||||
| CVE-2019-9652 | 1 Sdcms | 1 Sdcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter.
|
|||||