Total
4240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11679 | 1 Cmseasy | 1 Cmseasy | 2018-07-09 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin. | |||||
| CVE-2018-11680 | 1 Cmseasy | 1 Cmseasy | 2018-07-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate. | |||||
| CVE-2018-11538 | 1 Searchblox | 1 Searchblox | 2018-07-03 | 6.8 MEDIUM | 8.8 HIGH |
| servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass. | |||||
| CVE-2018-11632 | 1 Multidots | 1 Add Social Share Messenger Buttons Whatsapp And Viber | 2018-07-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings via wp-admin/admin-post.php CSRF. There's no nonce or capability check in the whatsapp_share_setting_add_update() function. | |||||
| CVE-2018-11445 | 1 Easyservice Billing Project | 1 Easyservice Billing | 2018-07-02 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role. | |||||
| CVE-2018-11442 | 1 Easyservice Billing Project | 1 Easyservice Billing | 2018-07-02 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation. | |||||
| CVE-2018-11405 | 1 Kliqqi | 1 Kliqqi Cms | 2018-07-02 | 6.8 MEDIUM | 8.8 HIGH |
| Kliqqi 2.0.2 has CSRF in admin/admin_users.php. | |||||
| CVE-2018-11371 | 1 Skycaiji | 1 Skycaiji | 2018-07-02 | 6.8 MEDIUM | 8.8 HIGH |
| SkyCaiji 1.2 allows CSRF to add an Administrator user. | |||||
| CVE-2018-11633 | 1 Multidots | 1 Woo Checkout For Digital Goods | 2018-06-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings. The function woo_checkout_settings_page in the file class-woo-checkout-for-digital-goods-admin.php doesn't do any check against wp-admin/admin-post.php Cross-site request forgery (CSRF) and user capabilities. | |||||
| CVE-2018-11500 | 1 Publiccms | 1 Publiccms | 2018-06-29 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account. | |||||
| CVE-2018-11493 | 1 Wuzhicms | 1 Wuzhi Cms | 2018-06-29 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add. | |||||
| CVE-2018-11527 | 1 Cscms Project | 1 Cscms | 2018-06-29 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /admin.php/sys/editpass_save. | |||||
| CVE-2018-11670 | 1 Njtech | 1 Greencms | 2018-06-29 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect. | |||||
| CVE-2018-11671 | 1 Njtech | 1 Greencms | 2018-06-29 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle. | |||||
| CVE-2015-4364 | 1 Campaign Monitor Project | 1 Campaign Monitor | 2018-06-26 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in includes/campaignmonitor_lists.admin.inc in the Campaign Monitor module 7.x-1.0 for Drupal allow remote attackers to hijack the authentication of users for requests that (1) enable list subscriptions via a request to admin/config/services/campaignmonitor/lists/%/enable or (2) disable list subscriptions via a request to admin/config/services/campaignmonitor/lists/%/disable. NOTE: this refers to an issue in an independently developed Drupal module, and NOT an issue in the Campaign Monitor software itself (described on the campaignmonitor.com web site). | |||||
| CVE-2018-11092 | 1 Admin Notes Project | 1 Admin Notes | 2018-06-25 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action. | |||||
| CVE-2018-11096 | 1 Horse Market Sell \& Rent Portal Project | 1 Horse Market Sell \& Rent Portal | 2018-06-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| Horse Market Sell & Rent Portal Script 1.5.7 has a CSRF vulnerability through which an attacker can change all of the target's account information remotely. | |||||
| CVE-2018-11127 | 1 E107 | 1 E107 | 2018-06-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| e107 2.1.7 has CSRF resulting in arbitrary user deletion. | |||||
| CVE-2018-11126 | 1 Doorgets | 1 Doorgets | 2018-06-19 | 6.8 MEDIUM | 8.8 HIGH |
| dg-user/?controller=users&action=add in doorGets 7.0 has CSRF that results in adding an administrator account. | |||||
| CVE-2018-11004 | 1 Sdcms | 1 Sdcms | 2018-06-18 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in SDcms v1.5. Cross-site request forgery (CSRF) vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=admin&c=admin&a=add. | |||||