Total
4240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-14331 | 1 Xiaocms | 1 Xiaocms X1 | 2018-09-17 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in XiaoCms X1 v20140305. There is a CSRF vulnerability to change the administrator account password via admin/index.php?c=index&a=my. | |||||
CVE-2018-14421 | 1 Seacms | 1 Seacms | 2018-09-14 | 6.8 MEDIUM | 8.8 HIGH |
SeaCMS v6.61 allows remote code execution by placing PHP code in a movie picture address (aka v_pic) submitted to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF. | |||||
CVE-2018-14420 | 1 Metinfo | 1 Metinfo | 2018-09-14 | 6.8 MEDIUM | 8.8 HIGH |
MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI. | |||||
CVE-2018-14069 | 1 Srcms Project | 1 Srcms | 2018-09-10 | 6.0 MEDIUM | 8.8 HIGH |
An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add a user account via admin.php?m=Admin&c=member&a=add. | |||||
CVE-2018-14068 | 1 Srcms Project | 1 Srcms | 2018-09-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add an admin account via admin.php?m=Admin&c=manager&a=add. | |||||
CVE-2018-13793 | 1 Abbyy | 1 Flexicapture | 2018-09-07 | 6.8 MEDIUM | 8.8 HIGH |
Multiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login. | |||||
CVE-2018-14029 | 1 Creatiwity | 1 Witycms | 2018-09-06 | 6.8 MEDIUM | 8.8 HIGH |
CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by modifying the account's email field. | |||||
CVE-2018-13989 | 1 Arcelikas | 2 Grundig Smart Inter@ctive, Grundig Smart Inter@ctive Firmware | 2018-09-06 | 8.3 HIGH | 8.8 HIGH |
Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST request to TCP port 8085 containing a predictable ID value, as demonstrated by a /sendrcpackage?keyid=-2544&keysymbol=-4081 request to shut off the device. | |||||
CVE-2018-14014 | 1 Super Cms Project | 1 Super Cms | 2018-09-06 | 6.8 MEDIUM | 8.8 HIGH |
In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd. | |||||
CVE-2018-11349 | 1 Jirafeau | 1 Jirafeau | 2018-09-05 | 6.8 MEDIUM | 8.8 HIGH |
The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: search_by_name, search_by_hash, and search_link. | |||||
CVE-2018-12529 | 1 Intex | 2 N150, N150 Firmware | 2018-09-05 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF injection point vulnerabilities including changing user passwords and router settings. | |||||
CVE-2018-12574 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2018-09-04 | 6.8 MEDIUM | 8.8 HIGH |
CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices. | |||||
CVE-2018-13067 | 1 Opencart | 1 Opencart | 2018-09-04 | 6.8 MEDIUM | 8.8 HIGH |
/upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password. | |||||
CVE-2018-11636 | 1 Dialogic | 1 Powermedia Xms | 2018-08-31 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions. | |||||
CVE-2018-13032 | 1 Ecessa | 2 Shieldlink Sl175ehq, Shieldlink Sl175ehq Firmware | 2018-08-31 | 6.8 MEDIUM | 8.8 HIGH |
ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/pl_web.cgi/util_configlogin_act URI. | |||||
CVE-2018-1000507 | 1 Jjj | 1 Wp User Groups | 2018-08-30 | 4.3 MEDIUM | 6.5 MEDIUM |
WP User Groups version 2.0.0 contains a Cross Site Request Forgery (CSRF) vulnerability in the Settings page that can result in anybody being able to modify user groups and types. This attack appears to be exploitable when an admin clicks on a link. This vulnerability appears to have been fixed in 2.1.1. | |||||
CVE-2018-1000506 | 1 Mediaron | 1 Metronet Tag Manager | 2018-08-30 | 6.8 MEDIUM | 8.8 HIGH |
Metronet Tag Manager version 1.2.7 contains a Cross Site Request Forgery (CSRF) vulnerability in the Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can result in anybody being able to do almost anything an admin can. This attack appears to be exploitable when a logged-in user follows a link. This vulnerability appears to have been fixed in 1.2.9. | |||||
CVE-2018-1000505 | 1 Tooltipy | 1 Tooltipy | 2018-08-30 | 4.3 MEDIUM | 6.5 MEDIUM |
Tooltipy (tooltips for WP) version 5 contains a Cross Site Request Forgery (CSRF) vulnerability in the Settings page that could allow anybody to duplicate posts. This attack appears to be exploitable when an admin follows a link. This vulnerability appears to have been fixed in 5.1. | |||||
CVE-2018-13445 | 1 Seacms | 1 Seacms | 2018-08-28 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/admin_manager.php?action=add. | |||||
CVE-2018-13444 | 1 Seacms | 1 Seacms | 2018-08-28 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add an admin account via adm1n/admin_manager.php?action=save&id=2. |