Total: 4240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-15702 | 1 Tp-link | 2 Tl-wrn841n, Tl-wrn841n Firmware | 2018-11-27 | 6.8 MEDIUM | 8.8 HIGH |
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field. | |||||
CVE-2018-18201 | 1 Qibosoft | 1 Qibosoft | 2018-11-27 | 6.8 MEDIUM | 8.8 HIGH |
qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=addmember to add a user account. | |||||
CVE-2018-18316 | 1 Emlog | 1 Emlog | 2018-11-27 | 6.8 MEDIUM | 8.8 HIGH |
emlog v6.0.0 has CSRF via the admin/user.php?action=new URI. | |||||
CVE-2018-18317 | 1 Dscms Project | 1 Dscms | 2018-11-27 | 6.8 MEDIUM | 8.8 HIGH |
DESHANG DSCMS 1.1 has CSRF via the public/index.php/admin/admin/add.html URI. | |||||
CVE-2018-5921 | 1 Hp | 387 A2w75a, A2w75a Firmware, A2w76a and 384 more | 2018-11-27 | 6.8 MEDIUM | 8.8 HIGH |
A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is known as Cross Site Request Forgery, and could potentially be exploited remotely to allow elevation of privilege. | |||||
CVE-2010-3884 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-11-27 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that reset the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2018-17858 | 1 Joomla | 1 Joomla! | 2018-11-26 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend. | |||||
CVE-2018-17081 | 1 E107 | 1 E107 | 2018-11-26 | 4.3 MEDIUM | 4.3 MEDIUM |
e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page. | |||||
CVE-2017-15608 | 1 Inedo | 1 Proget | 2018-11-23 | 4.3 MEDIUM | 6.5 MEDIUM |
Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings. | |||||
CVE-2018-18191 | 1 Finecms | 1 Finecms | 2018-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in /admin.php?c=member&m=edit&uid=1 in dayrui FineCms 5.4 allows remote attackers to change the administrator's password. | |||||
CVE-2018-18215 | 1 Youke365 | 1 Youke 365 | 2018-11-21 | 6.8 MEDIUM | 8.8 HIGH |
In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add a user account. | |||||
CVE-2018-17102 | 1 Quickappscms | 1 Quickapps Cms | 2018-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in QuickAppsCMS (aka QACMS) through 2.0.0-beta2. A CSRF vulnerability can change the administrator password via the user/me URI. | |||||
CVE-2018-17104 | 1 Microweber | 1 Microweber | 2018-11-20 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user. | |||||
CVE-2018-18711 | 1 Wuzhicms | 1 Wuzhi Cms | 2018-11-16 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's password via index.php?m=core&f=panel&v=edit_info. | |||||
CVE-2018-18712 | 1 Wuzhicms | 1 Wuzhi Cms | 2018-11-16 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's username via index.php?m=member&f=index&v=edit&uid=1. | |||||
CVE-2018-17826 | 1 Hisiphp | 1 Hisiphp | 2018-11-16 | 6.8 MEDIUM | 8.8 HIGH |
HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account. The attacker can then use that account to execute arbitrary PHP code by leveraging app/common/model/AdminAnnex.php to add .php to the default list of allowable file-upload types (.jpg, .png, .gif, .jpeg, and .ico). | |||||
CVE-2018-17069 | 1 Unlcms | 1 Unlcms | 2018-11-15 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in UNL-CMS 7.59. A CSRF attack can create new content via ?q=node%2Fadd%2Farticle&render=overlay&render=overlay. | |||||
CVE-2018-17070 | 1 Unlcms | 1 Unlcms | 2018-11-15 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in UNL-CMS 7.59. A CSRF attack can update the website settings via ?q=admin%2Fconfig%2Fsystem%2Fsite-information&render=overlay&render=overlay. | |||||
CVE-2018-18735 | 1 Catfish-cms | 1 Catfish Blog | 2018-11-14 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33. | |||||
CVE-2018-18742 | 1 Sem-cms | 1 Semcms | 2018-11-14 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI. |