Total: 8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19613 | 1 Westermo | 6 Dr-250, Dr-250 Firmware, Dr-260 and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allow CSRF.
|
|||||
| CVE-2018-19561 | 1 Sikcms | 1 Sikcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account.
|
|||||
| CVE-2018-19560 | 1 Bagesoft | 1 Bagecms | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account.
|
|||||
| CVE-2018-19555 | 1 Tp4a | 1 Teleport | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password.
|
|||||
| CVE-2018-19546 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter.
|
|||||
| CVE-2018-19545 | 1 Jeecms | 1 Jeecms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user.
|
|||||
| CVE-2018-19544 | 1 Jeecms | 1 Jeecms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news.
|
|||||
| CVE-2018-19525 | 1 Systrome | 6 Cumilon Isg-600c, Cumilon Isg-600c Firmware, Cumilon Isg-600h and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. There is CSRF via /ui/?g=obj_keywords_add and /ui/?g=obj_keywords_addsave with resultant XSS because of a lack of csrf token validation.
|
|||||
| CVE-2018-19511 | 1 Ens | 1 Webgalamb | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password.
|
|||||
| CVE-2018-19376 | 1 Greencms | 1 Greencms | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI.
|
|||||
| CVE-2018-19335 | 1 Google | 1 Monorail | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
|
Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports.
|
|||||
| CVE-2018-19334 | 1 Google | 1 Monorail | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
|
Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports.
|
|||||
| CVE-2018-19332 | 1 S-cms | 1 S-cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI.
|
|||||
| CVE-2018-19327 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in JTBC(PHP) 3.0.1.7. aboutus/manage.php?type=action&action=add allows CSRF.
|
|||||
| CVE-2018-19319 | 1 Srcms Project | 1 Srcms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=gifts&a=update to change goods prices with the super administrator's privileges.
|
|||||
| CVE-2018-19318 | 1 Srcms Project | 1 Srcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account.
|
|||||
| CVE-2018-19291 | 1 Dilicms | 1 Dilicms | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI.
|
|||||
| CVE-2018-19225 | 1 Laobancms | 1 Laobancms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in LAOBANCMS 2.0. admin/mima.php has CSRF.
|
|||||
| CVE-2018-19192 | 1 Xiaocms | 1 Xiaocms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in XiaoCms 20141229. admin/index.php?c=content&a=add&catid=3 has CSRF, as demonstrated by entering news via the data[content] parameter.
|
|||||
| CVE-2018-19182 | 1 Engelsystem | 1 Engelsystem | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Engelsystem before commit hash 2e28336 allows CSRF.
|
|||||
| CVE-2018-19138 | 1 Wstmart | 1 Wstmart | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI.
|
|||||
| CVE-2018-19135 | 1 Clippercms | 1 Clippercms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by default, it allows html, pdf, xml, zip, and many other file types). A file can be accessed publicly under the "/assets/files" directory.
|
|||||
| CVE-2018-19104 | 1 Bagesoft | 1 Bagecms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges.
|
|||||
| CVE-2018-1999027 | 1 Jenkins | 1 Saltstack | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
|
An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
|
|||||
| CVE-2018-18935 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=component&act=addnew URI, as demonstrated by adding a level=1 account.
|
|||||
| CVE-2018-18934 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code (that is extracted and can be executed). This can also be exploited via CSRF.
|
|||||
| CVE-2018-18921 | 1 Phpservermonitor | 1 Php Server Monitor | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
|
PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action.
|
|||||
| CVE-2018-18842 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code.
|
|||||
| CVE-2018-18802 | 1 Tubigan | 1 Welcome To Our Resort | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The Tubigan "Welcome to our Resort" 1.0 software allows CSRF via admin/mod_users/controller.php?action=edit.
|
|||||
| CVE-2018-18799 | 1 School Attendance Monitoring System Project | 1 School Attendance Monitoring System | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos.
|
|||||
| CVE-2018-18797 | 1 School Attendance Monitoring System Project | 1 School Attendance Monitoring System | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php.
|
|||||
| CVE-2018-18794 | 1 School Event Management System Project | 1 School Event Management System | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
School Event Management System 1.0 allows CSRF via user/controller.php?action=edit.
|
|||||
| CVE-2018-18773 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.
|
|||||
| CVE-2018-18772 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command.
|
|||||
| CVE-2018-18742 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI.
|
|||||
| CVE-2018-18735 | 1 Catfish-cms | 1 Catfish Blog | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33.
|
|||||
| CVE-2018-18734 | 1 Catfish-cms | 1 Catfish Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A CSRF issue was discovered in admin/Index/addmanageuser.html in Catfish CMS 4.8.30.
|
|||||
| CVE-2018-18696 | 1 Microstrategy | 1 Microstrategy | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. NOTE: The vendor claims that documentation for preventing a CSRF attack has been provided (https://community.microstrategy.com/s/article/KB37643-New-security-feature-introduced-in-MicroStrategy-Web-9-0?language=en_US) and disagrees that this issue is a vulnerability. They also claim that MicroStrategy was never properly informed of this issue via normal support channels or their vulnerability reporting page on their websit ...
|
|||||
| CVE-2018-18449 | 1 Phome | 1 Empirecms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339.
|
|||||
| CVE-2018-18436 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
JTBC(PHP) 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action&action=add URI.
|
|||||