Total
7480 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10484 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request. | |||||
| CVE-2020-10483 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comment on any article via a crafted request. | |||||
| CVE-2020-10482 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request. | |||||
| CVE-2020-10481 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new glossary term via a crafted request. | |||||
| CVE-2020-10480 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new category via a crafted request. | |||||
| CVE-2020-10479 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request. | |||||
| CVE-2020-10478 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a crafted request. | |||||
| CVE-2020-10241 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF. | |||||
| CVE-2020-10229 | 1 Vtenext | 1 Vtenext | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts. | |||||
| CVE-2020-10057 | 1 Metalgenix | 1 Genixcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incomplete fix for CVE-2015-2680, in which "token" is used as a CSRF protection mechanism, but without validation that "token" is associated with an administrative user. | |||||
| CVE-2019-9958 | 1 Quadbase | 1 Espressreport Enterprise Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests. | |||||
| CVE-2019-9926 | 1 Labkey | 1 Labkey Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in LabKey Server 19.1.0. It is possible to force a logged-in administrator to execute code through a /reports-viewScriptReport.view CSRF vulnerability. | |||||
| CVE-2019-9883 | 1 Hgiga | 8 Msr35 Isherlock-base, Msr35 Isherlock-sysinfo, Msr35 Isherlock-user and 5 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_account=test&cf_email=&cf_acl=Management&apply_lang=&dn= without any authorizes. | |||||
| CVE-2019-9882 | 1 Hgiga | 8 Msr35 Isherlock-base, Msr35 Isherlock-sysinfo, Msr35 Isherlock-user and 5 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via user/save_list.php?ACSION=&type=email&category=white&locate=big5&cmd=add&new=hacker@socialengineering.com&new_memo=&add=%E6%96%B0%E5%A2%9E without any authorizes. | |||||
| CVE-2019-9787 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php. | |||||
| CVE-2019-9769 | 1 Kartatopia | 1 Piluscart | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator. | |||||
| CVE-2019-9688 | 1 Sftnow | 1 Sftnow | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| sftnow through 2018-12-29 allows index.php?g=Admin&m=User&a=add_post CSRF to add an admin account. | |||||
| CVE-2019-9652 | 1 Sdcms | 1 Sdcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter. | |||||
| CVE-2019-9625 | 1 Directadmin | 1 Directadmin | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to create a new admin account. | |||||
| CVE-2019-9604 | 1 Online Lottery Php Readymade Script Project | 1 Online Lottery Php Readymade Script | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery (CSRF) for Edit Profile actions. | |||||