Total
4240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9688 | 1 Sftnow | 1 Sftnow | 2019-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| sftnow through 2018-12-29 allows index.php?g=Admin&m=User&a=add_post CSRF to add an admin account. | |||||
| CVE-2019-9652 | 1 Sdcms | 1 Sdcms | 2019-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter. | |||||
| CVE-2019-8437 | 1 Njiandan-cms Project | 1 Njiandan-cms | 2019-03-08 | 6.8 MEDIUM | 8.8 HIGH |
| njiandan-cms through 2013-05-23 has index.php/admin/user_new CSRF to add an administrator. | |||||
| CVE-2019-6710 | 1 Zyxel | 2 Nbg-418n, Nbg-418n Firmware | 2019-03-08 | 6.8 MEDIUM | 8.8 HIGH |
| Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF. | |||||
| CVE-2019-9598 | 1 Chshcms | 1 Cscms | 2019-03-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds. | |||||
| CVE-2018-17429 | 1 Jtbc | 1 Jtbc | 2019-03-08 | 6.8 MEDIUM | 8.8 HIGH |
| /console/account/manage.php?type=action&action=add in JTBC v3.0(C) has CSRF for adding an administrator account. | |||||
| CVE-2018-18449 | 1 Phome | 1 Empirecms | 2019-03-08 | 6.8 MEDIUM | 8.8 HIGH |
| EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339. | |||||
| CVE-2019-9603 | 1 1234n | 1 Minicms | 2019-03-07 | 5.8 MEDIUM | 6.5 MEDIUM |
| MiniCMS 1.10 allows mc-admin/post.php?state=publish&delete= CSRF to delete articles, a different vulnerability than CVE-2018-18891. | |||||
| CVE-2018-5673 | 1 Booking Calendar Project | 1 Booking Calendar | 2019-03-05 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php. | |||||
| CVE-2018-8718 | 1 Jenkins | 1 Mailer | 2019-03-04 | 6.0 MEDIUM | 8.0 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request. | |||||
| CVE-2018-19138 | 1 Wstmart | 1 Wstmart | 2019-03-04 | 6.8 MEDIUM | 8.8 HIGH |
| WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI. | |||||
| CVE-2019-9549 | 1 Popojicms | 1 Popojicms | 2019-03-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=user&act=addnew URI, as demonstrated by adding a level=1 account, a similar issue to CVE-2018-18935. | |||||
| CVE-2018-9927 | 1 Wuzhicms | 1 Wuzhicms | 2019-02-27 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a user account via index.php?m=member&f=index&v=add. | |||||
| CVE-2018-9926 | 1 Wuzhicms | 1 Wuzhicms | 2019-02-27 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add an admin account via index.php?m=core&f=power&v=add. | |||||
| CVE-2019-9182 | 1 Zzzcms | 1 Zzzphp | 2019-02-26 | 6.8 MEDIUM | 8.8 HIGH |
| There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the filetext parameter. | |||||
| CVE-2018-16634 | 1 Pluck-cms | 1 Pluck | 2019-02-26 | 6.8 MEDIUM | 8.8 HIGH |
| Pluck v4.7.7 allows CSRF via admin.php?action=settings. | |||||
| CVE-2012-2003 | 2 Hp, Microsoft | 4 Insight Management Agents, Windows 2003 Server, Windows Server 2003 and 1 more | 2019-02-26 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2018-16447 | 1 Frogcms Project | 1 Frogcms | 2019-02-25 | 6.8 MEDIUM | 8.8 HIGH |
| Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF. | |||||
| CVE-2019-9040 | 1 S-cms | 1 S-cms | 2019-02-25 | 6.8 MEDIUM | 8.8 HIGH |
| S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332. | |||||
| CVE-2019-9062 | 1 Online Food Ordering Script Project | 1 Online Food Ordering Script | 2019-02-25 | 6.0 MEDIUM | 8.0 HIGH |
| PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site Request Forgery (CSRF) in my-account.php. | |||||