Total: 6085 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-10487 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request. | |||||
CVE-2020-10486 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a comment via a crafted request. | |||||
CVE-2020-10485 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article via a crafted request. | |||||
CVE-2020-10484 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request. | |||||
CVE-2020-10483 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comment on any article via a crafted request. | |||||
CVE-2020-10482 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request. | |||||
CVE-2020-10481 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new glossary term via a crafted request. | |||||
CVE-2020-10480 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new category via a crafted request. | |||||
CVE-2020-10479 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request. | |||||
CVE-2020-10478 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a crafted request. | |||||
CVE-2020-10241 | 1 Joomla | 1 Joomla! | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF. | |||||
CVE-2020-10229 | 1 Vtenext | 1 Vtenext | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts. | |||||
CVE-2020-10181 | 1 Sumavision | 2 Enhanced Multimedia Router, Enhanced Multimedia Router Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a setString=new_user<*1*>administrator<*1*>123456 request. | |||||
CVE-2020-10057 | 1 Metalgenix | 1 Genixcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incomplete fix for CVE-2015-2680, in which "token" is used as a CSRF protection mechanism, but without validation that "token" is associated with an administrative user. | |||||
CVE-2019-9958 | 1 Quadbase | 1 Espressreport Enterprise Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests. | |||||
CVE-2019-9926 | 1 Labkey | 1 Labkey Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in LabKey Server 19.1.0. It is possible to force a logged-in administrator to execute code through a /reports-viewScriptReport.view CSRF vulnerability. | |||||
CVE-2019-9883 | 1 Hgiga | 8 Msr35 Isherlock-base, Msr35 Isherlock-sysinfo, Msr35 Isherlock-user and 5 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Multiple modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows an attacker to elevate the privileges of a specific account via useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_account=test&cf_email=&cf_acl=Management&apply_lang=&dn= without any authorization. | |||||
CVE-2019-9882 | 1 Hgiga | 8 Msr35 Isherlock-base, Msr35 Isherlock-sysinfo, Msr35 Isherlock-user and 5 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Multiple modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows an attacker to add malicious email sources to the whitelist via user/save_list.php?ACSION=&type=email&category=white&locate=big5&cmd=add&new=hacker@socialengineering.com&new_memo=&add=%E6%96%B0%E5%A2%9E without any authorization. | |||||
CVE-2019-9787 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php. | |||||
CVE-2019-9769 | 1 Kartatopia | 1 Piluscart | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator. |