Total: 5731 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4593 | 1 Eclinicalworks | 1 Population Health | 2019-03-14 | 6.8 MEDIUM | 8.8 HIGH |
| eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the creation, modification and deletion of users, appointments and employees. | |||||
| CVE-2017-6066 | 1 Intelliants | 1 Subrion Cms | 2019-03-13 | 6.8 MEDIUM | 8.8 HIGH |
| Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker can perform any Edit Language action, and can optionally insert XSS via the title parameter. | |||||
| CVE-2017-6068 | 1 Intelliants | 1 Subrion Cms | 2019-03-13 | 6.8 MEDIUM | 8.8 HIGH |
| Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter. | |||||
| CVE-2017-6069 | 1 Intelliants | 1 Subrion Cms | 2019-03-13 | 6.8 MEDIUM | 8.8 HIGH |
| Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter. | |||||
| CVE-2015-6517 | 1 Phpliteadmin Project | 1 Phpliteadmin | 2019-03-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in phpLiteAdmin 1.1 allows remote attackers to hijack the authentication of users for requests that drop database tables via the droptable parameter to phpliteadmin.php. | |||||
| CVE-2019-9625 | 1 Directadmin | 1 Directadmin | 2019-03-12 | 6.8 MEDIUM | 8.8 HIGH |
| JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to create a new admin account. | |||||
| CVE-2019-9688 | 1 Sftnow | 1 Sftnow | 2019-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| sftnow through 2018-12-29 allows index.php?g=Admin&m=User&a=add_post CSRF to add an admin account. | |||||
| CVE-2019-9652 | 1 Sdcms | 1 Sdcms | 2019-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter. | |||||
| CVE-2019-8437 | 1 Njiandan-cms Project | 1 Njiandan-cms | 2019-03-08 | 6.8 MEDIUM | 8.8 HIGH |
| njiandan-cms through 2013-05-23 has index.php/admin/user_new CSRF to add an administrator. | |||||
| CVE-2019-6710 | 1 Zyxel | 2 Nbg-418n, Nbg-418n Firmware | 2019-03-08 | 6.8 MEDIUM | 8.8 HIGH |
| Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF. | |||||
| CVE-2019-9598 | 1 Chshcms | 1 Cscms | 2019-03-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds. | |||||
| CVE-2018-17429 | 1 Jtbc | 1 Jtbc | 2019-03-08 | 6.8 MEDIUM | 8.8 HIGH |
| /console/account/manage.php?type=action&action=add in JTBC v3.0(C) has CSRF for adding an administrator account. | |||||
| CVE-2018-18449 | 1 Phome | 1 Empirecms | 2019-03-08 | 6.8 MEDIUM | 8.8 HIGH |
| EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339. | |||||
| CVE-2019-9603 | 1 1234n | 1 Minicms | 2019-03-07 | 5.8 MEDIUM | 6.5 MEDIUM |
| MiniCMS 1.10 allows mc-admin/post.php?state=publish&delete= CSRF to delete articles, a different vulnerability than CVE-2018-18891. | |||||
| CVE-2018-5673 | 1 Booking Calendar Project | 1 Booking Calendar | 2019-03-05 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php. | |||||
| CVE-2018-8718 | 1 Jenkins | 1 Mailer | 2019-03-04 | 6.0 MEDIUM | 8.0 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request. | |||||
| CVE-2018-19138 | 1 Wstmart | 1 Wstmart | 2019-03-04 | 6.8 MEDIUM | 8.8 HIGH |
| WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI. | |||||
| CVE-2019-9549 | 1 Popojicms | 1 Popojicms | 2019-03-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=user&act=addnew URI, as demonstrated by adding a level=1 account, a similar issue to CVE-2018-18935. | |||||
| CVE-2018-9927 | 1 Wuzhicms | 1 Wuzhicms | 2019-02-27 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a user account via index.php?m=member&f=index&v=add. | |||||
| CVE-2018-9926 | 1 Wuzhicms | 1 Wuzhicms | 2019-02-27 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add an admin account via index.php?m=core&f=power&v=add. | |||||
