Total: 8760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-18432 | 1 Destoon | 1 Destoon B2b | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in DESTOON B2B 7.0. CSRF exists via the admin.php URI in an action=add request. |
| CVE-2018-18422 | 1 Usualtool | 1 Usualtoolcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/a_adminx.php?x=a URI. |
| CVE-2018-18420 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI. |
| CVE-2018-18317 | 1 Dscms Project | 1 Dscms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | DESHANG DSCMS 1.1 has CSRF via the public/index.php/admin/admin/add.html URI. |
| CVE-2018-18316 | 1 Emlog | 1 Emlog | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | emlog v6.0.0 has CSRF via the admin/user.php?action=new URI. |
| CVE-2018-18246 | 1 Icinga | 1 Icinga Web 2 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module. |
| CVE-2018-18215 | 1 Youke365 | 1 Youke 365 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add a user account. |
| CVE-2018-18201 | 1 Qibosoft | 1 Qibosoft | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=addmember to add a user account. |
| CVE-2018-18191 | 1 Finecms | 1 Finecms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Cross-site request forgery (CSRF) vulnerability in /admin.php?c=member&m=edit&uid=1 in dayrui FineCms 5.4 allows remote attackers to change the administrator's password. |
| CVE-2018-17996 | 1 Layerbb | 1 Layerbb | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM | LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/. |
| CVE-2018-17986 | 1 Razorcms | 1 Razorcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user. |
| CVE-2018-17869 | 1 Dasan | 2 H660gw, H660gw Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | DASAN H660GW devices do not implement any CSRF protection mechanism. |
| CVE-2018-17858 | 1 Joomla | 1 Joomla! | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend. |
| CVE-2018-17826 | 1 Hisiphp | 1 Hisiphp | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account. The attacker can then use that account to execute arbitrary PHP code by leveraging app/common/model/AdminAnnex.php to add .php to the default list of allowable file-upload types (.jpg, .png, .gif, .jpeg, and .ico). |
| CVE-2018-17792 | 1 Altn | 1 Mdaemon Webmail | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | MDaemon Webmail (formerly WorldClient) has CSRF. |
| CVE-2018-17789 | 1 Prospecta | 1 Master Data Online | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | Prospecta Master Data Online (MDO) allows CSRF. |
| CVE-2018-17584 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page. |
| CVE-2018-17429 | 1 Jtbc | 1 Jtbc | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | /console/account/manage.php?type=action&action=add in JTBC v3.0(C) has CSRF for adding an administrator account. |
| CVE-2018-17389 | 1 Ranksol | 1 Live Call Support | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | CSRF exists in server.php in Live Call Support Application 1.5 for adding an admin account. |
| CVE-2018-17387 | 1 Ranksol | 1 Nimble Professional | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | CSRF exists in Nimble Messaging Bulk SMS Marketing Application 1.0 for adding an admin account. |
| CVE-2018-17168 | 1 Printeron | 1 Printeron | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page. For example, an administrator, by following a link, can be tricked into making unwanted changes to a printer (Disable, Approve, etc). |
| CVE-2018-17104 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user. |
| CVE-2018-17103 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter |
| CVE-2018-17102 | 1 Quickappscms | 1 Quickapps Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in QuickAppsCMS (aka QACMS) through 2.0.0-beta2. A CSRF vulnerability can change the administrator password via the user/me URI. |
| CVE-2018-17081 | 1 E107 | 1 E107 | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM | e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page. |
| CVE-2018-17070 | 1 Unlcms | 1 Unlcms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | An issue was discovered in UNL-CMS 7.59. A CSRF attack can update the website settings via ?q=admin%2Fconfig%2Fsystem%2Fsite-information&render=overlay&render=overlay. |
| CVE-2018-17069 | 1 Unlcms | 1 Unlcms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | An issue was discovered in UNL-CMS 7.59. A CSRF attack can create new content via ?q=node%2Fadd%2Farticle&render=overlay&render=overlay. |
| CVE-2018-17045 | 1 Cms Maelostore Project | 1 Cms Maelostore | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in CMS MaeloStore V.1.5.0. There is a CSRF vulnerability that can change the administrator password via admin/modul/users/aksi_users.php?act=update. |
| CVE-2018-17023 | 1 Asus | 2 Gt-ac5300, Gt-ac5300 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm. |
| CVE-2018-16966 | 1 Filemanagerpro | 1 File Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter. |
| CVE-2018-16952 | 1 Oracle | 1 Webcenter Interaction | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. The impact is sensitive actions in the portal (such as changing a portal user's password). NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support. |
| CVE-2018-16951 | 1 Xunfeng Project | 1 Xunfeng | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH | xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, a related issue to CVE-2018-16832. |
| CVE-2018-16854 | 1 Moodle | 1 Moodle | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM | A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15. |
| CVE-2018-16832 | 1 Xunfeng Project | 1 Xunfeng | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host HTTP header. |
| CVE-2018-16795 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file. |
| CVE-2018-16732 | 1 Chshcms | 1 Cscms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | \upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save. |
| CVE-2018-16650 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | phpMyFAQ before 2.9.11 allows CSRF. |
| CVE-2018-16634 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Pluck v4.7.7 allows CSRF via admin.php?action=settings. |
| CVE-2018-16552 | 1 Micropyramid | 1 Django Crm | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete/ URIs. |
| CVE-2018-16458 | 1 Baigo | 1 Baigo Cms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | An issue was discovered in baigo CMS v2.1.1. There is an index.php?m=article&c=request CSRF that can cause publication of any article. |