Total
8298 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19376 | 1 Greencms | 1 Greencms | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI. | |||||
| CVE-2018-19335 | 1 Google | 1 Monorail | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
| Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports. | |||||
| CVE-2018-19334 | 1 Google | 1 Monorail | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports. | |||||
| CVE-2018-19332 | 1 S-cms | 1 S-cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI. | |||||
| CVE-2018-19327 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in JTBC(PHP) 3.0.1.7. aboutus/manage.php?type=action&action=add allows CSRF. | |||||
| CVE-2018-19319 | 1 Srcms Project | 1 Srcms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=gifts&a=update to change goods prices with the super administrator's privileges. | |||||
| CVE-2018-19318 | 1 Srcms Project | 1 Srcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account. | |||||
| CVE-2018-19291 | 1 Dilicms | 1 Dilicms | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI. | |||||
| CVE-2018-19225 | 1 Laobancms | 1 Laobancms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in LAOBANCMS 2.0. admin/mima.php has CSRF. | |||||
| CVE-2018-19192 | 1 Xiaocms | 1 Xiaocms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in XiaoCms 20141229. admin/index.php?c=content&a=add&catid=3 has CSRF, as demonstrated by entering news via the data[content] parameter. | |||||
| CVE-2018-19182 | 1 Engelsystem | 1 Engelsystem | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Engelsystem before commit hash 2e28336 allows CSRF. | |||||
| CVE-2018-19138 | 1 Wstmart | 1 Wstmart | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI. | |||||
| CVE-2018-19135 | 1 Clippercms | 1 Clippercms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by default, it allows html, pdf, xml, zip, and many other file types). A file can be accessed publicly under the "/assets/files" directory. | |||||
| CVE-2018-19104 | 1 Bagesoft | 1 Bagecms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges. | |||||
| CVE-2018-1999027 | 1 Jenkins | 1 Saltstack | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
| An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. | |||||
| CVE-2018-18935 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=component&act=addnew URI, as demonstrated by adding a level=1 account. | |||||
| CVE-2018-18934 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code (that is extracted and can be executed). This can also be exploited via CSRF. | |||||
| CVE-2018-18921 | 1 Phpservermonitor | 1 Php Server Monitor | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action. | |||||
| CVE-2018-18842 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code. | |||||
| CVE-2018-18802 | 1 Tubigan | 1 Welcome To Our Resort | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The Tubigan "Welcome to our Resort" 1.0 software allows CSRF via admin/mod_users/controller.php?action=edit. | |||||