Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-352
Total 7939 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-18436 1 Jtbc 1 Jtbc Php 2024-11-21 6.8 MEDIUM 8.8 HIGH
JTBC(PHP) 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action&action=add URI.
CVE-2018-18432 1 Destoon 1 Destoon B2b 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in DESTOON B2B 7.0. CSRF exists via the admin.php URI in an action=add request.
CVE-2018-18422 1 Usualtool 1 Usualtoolcms 2024-11-21 6.8 MEDIUM 8.8 HIGH
UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/a_adminx.php?x=a URI.
CVE-2018-18420 1 Tribalsystems 1 Zenario 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI.
CVE-2018-18317 1 Dscms Project 1 Dscms 2024-11-21 6.8 MEDIUM 8.8 HIGH
DESHANG DSCMS 1.1 has CSRF via the public/index.php/admin/admin/add.html URI.
CVE-2018-18316 1 Emlog 1 Emlog 2024-11-21 6.8 MEDIUM 8.8 HIGH
emlog v6.0.0 has CSRF via the admin/user.php?action=new URI.
CVE-2018-18246 1 Icinga 1 Icinga Web 2 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module.
CVE-2018-18215 1 Youke365 1 Youke 365 2024-11-21 6.8 MEDIUM 8.8 HIGH
In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add an user account.
CVE-2018-18201 1 Qibosoft 1 Qibosoft 2024-11-21 6.8 MEDIUM 8.8 HIGH
qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=addmember to add a user account.
CVE-2018-18191 1 Finecms 1 Finecms 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in /admin.php?c=member&m=edit&uid=1 in dayrui FineCms 5.4 allows remote attackers to change the administrator's password.
CVE-2018-17996 1 Layerbb 1 Layerbb 2024-11-21 5.8 MEDIUM 6.5 MEDIUM
LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/.
CVE-2018-17986 1 Razorcms 1 Razorcms 2024-11-21 6.8 MEDIUM 8.8 HIGH
rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user.
CVE-2018-17869 1 Dasan 2 H660gw, H660gw Firmware 2024-11-21 6.8 MEDIUM 8.8 HIGH
DASAN H660GW devices do not implement any CSRF protection mechanism.
CVE-2018-17858 1 Joomla 1 Joomla\! 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend.
CVE-2018-17826 1 Hisiphp 1 Hisiphp 2024-11-21 6.8 MEDIUM 8.8 HIGH
HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account. The attacker can then use that account to execute arbitrary PHP code by leveraging app/common/model/AdminAnnex.php to add .php to the default list of allowable file-upload types (.jpg, .png, .gif, .jpeg, and .ico).
CVE-2018-17792 1 Altn 1 Mdaemon Webmail 2024-11-21 6.8 MEDIUM 8.8 HIGH
MDaemon Webmail (formerly WorldClient) has CSRF.
CVE-2018-17789 1 Prospecta 1 Master Data Online 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Prospecta Master Data Online (MDO) allows CSRF.
CVE-2018-17584 1 Wpfastestcache 1 Wp Fastest Cache 2024-11-21 6.8 MEDIUM 8.8 HIGH
The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page.
CVE-2018-17429 1 Jtbc 1 Jtbc 2024-11-21 6.8 MEDIUM 8.8 HIGH
/console/account/manage.php?type=action&action=add in JTBC v3.0(C) has CSRF for adding an administrator account.
CVE-2018-17389 1 Ranksol 1 Live Call Support 2024-11-21 6.8 MEDIUM 8.8 HIGH
CSRF exists in server.php in Live Call Support Application 1.5 for adding an admin account.