Total: 5731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9182 | 1 Zzzcms | 1 Zzzphp | 2019-02-26 | 6.8 MEDIUM | 8.8 HIGH |
| There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the filetext parameter. | |||||
| CVE-2018-16634 | 1 Pluck-cms | 1 Pluck | 2019-02-26 | 6.8 MEDIUM | 8.8 HIGH |
| Pluck v4.7.7 allows CSRF via admin.php?action=settings. | |||||
| CVE-2012-2003 | 2 Hp, Microsoft | 4 Insight Management Agents, Windows 2003 Server, Windows Server 2003 and 1 more | 2019-02-26 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2018-16447 | 1 Frogcms Project | 1 Frogcms | 2019-02-25 | 6.8 MEDIUM | 8.8 HIGH |
| Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF. | |||||
| CVE-2019-9040 | 1 S-cms | 1 S-cms | 2019-02-25 | 6.8 MEDIUM | 8.8 HIGH |
| S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332. | |||||
| CVE-2019-9052 | 1 Pluck-cms | 1 Pluck | 2019-02-25 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete pictures via a /admin.php?action=deleteimage&var1= URI. | |||||
| CVE-2019-9051 | 1 Pluck-cms | 1 Pluck | 2019-02-25 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles via a /admin.php?action=deletepage&var1= URI. | |||||
| CVE-2019-9049 | 1 Pluck-cms | 1 Pluck | 2019-02-25 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules via a /admin.php?action=module_delete&var1= URI. | |||||
| CVE-2019-9048 | 1 Pluck-cms | 1 Pluck | 2019-02-25 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete a theme (aka topic) via a /admin.php?action=theme_delete&var1= URI. | |||||
| CVE-2019-1000022 | 1 Taoensso | 1 Sente | 2019-02-20 | 6.8 MEDIUM | 8.8 HIGH |
| Taoensso Sente prior to version 1.14.0 contains a Cross Site Request Forgery (CSRF) vulnerability in the WebSocket handshake endpoint that can result in a CSRF attack and possible leak of the anti-CSRF token. This attack appears to be exploitable via a malicious request against the WebSocket handshake endpoint. This vulnerability appears to have been fixed in 1.14.0 and later. | |||||
| CVE-2019-0267 | 1 Sap | 1 Manufacturing Integration And Intelligence | 2019-02-20 | 6.8 MEDIUM | 8.8 HIGH |
| SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application. | |||||
| CVE-2019-8902 | 1 Idreamsoft | 1 Icms | 2019-02-19 | 4.9 MEDIUM | 5.7 MEDIUM |
| An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI. | |||||
| CVE-2019-8910 | 1 Wtcms Project | 1 Wtcms | 2019-02-19 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF. | |||||
| CVE-2019-1000003 | 1 Mapsvg | 1 Mapsvg Lite | 2019-02-15 | 6.8 MEDIUM | 8.8 HIGH |
| MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in the REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can allow an attacker to modify post data, including embedding JavaScript. This attack appears to be exploitable when the victim is logged in to WordPress as an admin and clicks a link. This vulnerability appears to have been fixed in 3.3.0 and later. | |||||
| CVE-2018-6907 | 1 Rainmachine | 1 Rainmachine Web Application | 2019-02-15 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API. | |||||
| CVE-2019-8347 | 1 Beescms | 1 Beescms | 2019-02-15 | 6.8 MEDIUM | 8.8 HIGH |
| BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via the admin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=user URI. | |||||
| CVE-2018-1000858 | 2 Canonical, Gnupg | 2 Ubuntu Linux, Gnupg | 2019-02-13 | 6.8 MEDIUM | 8.8 HIGH |
| GnuPG version 2.1.12 - 2.2.11 contains a Cross Site Request Forgery (CSRF) vulnerability in dirmngr that can result in attacker-controlled CSRF, information disclosure, and DoS. This attack appears to be exploitable when the victim performs a WKD request, e.g. enters an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060. | |||||
| CVE-2019-7738 | 1 C.p.sub Project | 1 C.p.sub | 2019-02-13 | 5.8 MEDIUM | 6.5 MEDIUM |
| C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI. | |||||
| CVE-2019-7737 | 1 Verydows | 1 Verydows | 2019-02-12 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit. | |||||
| CVE-2019-7730 | 1 Mywebsql | 1 Mywebsql | 2019-02-12 | 4.9 MEDIUM | 5.7 MEDIUM |
| MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI. | |||||
