Total: 6081 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-19182 | 1 Engelsystem | 1 Engelsystem | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Engelsystem before commit hash 2e28336 allows CSRF. | |||||
CVE-2018-19138 | 1 Wstmart | 1 Wstmart | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI. | |||||
CVE-2018-19135 | 1 Clippercms | 1 Clippercms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by default, it allows html, pdf, xml, zip, and many other file types). A file can be accessed publicly under the "/assets/files" directory. | |||||
CVE-2018-19104 | 1 Bagesoft | 1 Bagecms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges. | |||||
CVE-2018-1999027 | 1 Jenkins | 1 Saltstack | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. | |||||
CVE-2018-18935 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=component&act=addnew URI, as demonstrated by adding a level=1 account. | |||||
CVE-2018-18934 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code (that is extracted and can be executed). This can also be exploited via CSRF. | |||||
CVE-2018-18921 | 1 Phpservermonitor | 1 Php Server Monitor | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action. | |||||
CVE-2018-18842 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code. | |||||
CVE-2018-18802 | 1 Tubigan | 1 Welcome To Our Resort | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The Tubigan "Welcome to our Resort" 1.0 software allows CSRF via admin/mod_users/controller.php?action=edit. | |||||
CVE-2018-18799 | 1 School Attendance Monitoring System Project | 1 School Attendance Monitoring System | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos. | |||||
CVE-2018-18797 | 1 School Attendance Monitoring System Project | 1 School Attendance Monitoring System | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php. | |||||
CVE-2018-18794 | 1 School Event Management System Project | 1 School Event Management System | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
School Event Management System 1.0 allows CSRF via user/controller.php?action=edit. | |||||
CVE-2018-18773 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password. | |||||
CVE-2018-18772 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command. | |||||
CVE-2018-18760 | 1 Saltos | 1 Rhinos | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
RhinOS 3.0 build 1190 allows CSRF. | |||||
CVE-2018-18742 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI. | |||||
CVE-2018-18735 | 1 Catfish-cms | 1 Catfish Blog | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33. | |||||
CVE-2018-18734 | 1 Catfish-cms | 1 Catfish Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF issue was discovered in admin/Index/addmanageuser.html in Catfish CMS 4.8.30. | |||||
CVE-2018-18712 | 1 Wuzhicms | 1 Wuzhi Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's username via index.php?m=member&f=index&v=edit&uid=1. |