Total: 4240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-7464 | 1 Csrf-magic Project | 1 Csrf-magic | 2018-10-09 | 6.8 MEDIUM | 8.8 HIGH |
In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used. | |||||
CVE-2018-15187 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-10-05 | 6.0 MEDIUM | 8.0 HIGH |
PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php. | |||||
CVE-2018-15177 | 1 Gxlcms | 1 Gxlcms | 2018-10-05 | 6.8 MEDIUM | 8.8 HIGH |
In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account. | |||||
CVE-2018-15193 | 1 Gogs | 1 Gogs | 2018-10-05 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link. | |||||
CVE-2018-15197 | 1 Onethink | 1 Onethink | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges. | |||||
CVE-2018-16449 | 1 Onethink | 1 Onethink | 2018-10-04 | 4.3 MEDIUM | 6.5 MEDIUM |
OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html. | |||||
CVE-2018-14965 | 1 Emlsoft Project | 1 Emlsoft | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=address&do=add page allows CSRF. | |||||
CVE-2018-14966 | 1 Emlsoft Project | 1 Emlsoft | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=user&do=add page allows CSRF. | |||||
CVE-2018-14960 | 1 Xiao5ucompany Project | 1 Xiao5ucompany | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
Xiao5uCompany 1.7 has CSRF via admin/Admin.asp. | |||||
CVE-2018-14963 | 1 Zzcms | 1 Zzcms | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI. | |||||
CVE-2018-15198 | 1 Onethink | 1 Onethink | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user. | |||||
CVE-2018-14959 | 1 Weaselcms Project | 1 Weaselcms | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI. | |||||
CVE-2018-14958 | 1 Weaselcms Project | 1 Weaselcms | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings (such as the theme, title, and description) via index.php. | |||||
CVE-2018-14978 | 1 Q-cms | 1 Qcms | 2018-10-03 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI. | |||||
CVE-2018-14926 | 1 Matera | 1 Banco | 2018-10-02 | 6.8 MEDIUM | 8.8 HIGH |
Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler.jsp request. | |||||
CVE-2018-14910 | 1 Seacms | 1 Seacms | 2018-10-02 | 6.8 MEDIUM | 8.8 HIGH |
SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). The code is executed by visiting adm1n/admin_ip.php or data/admin/ip.php. This can also be exploited through CSRF. | |||||
CVE-2018-14908 | 1 Samsung | 1 Syncthru Web Service | 2018-09-27 | 6.8 MEDIUM | 8.8 HIGH |
Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action. | |||||
CVE-2018-14603 | 1 Gitlab | 1 Gitlab | 2018-09-18 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component. | |||||
CVE-2018-14582 | 1 Bagesoft | 1 Bagecms | 2018-09-18 | 6.8 MEDIUM | 8.8 HIGH |
index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account. | |||||
CVE-2018-14583 | 1 Xyhcms | 1 Xyhcms | 2018-09-18 | 6.8 MEDIUM | 8.8 HIGH |
xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account. | |||||