Total: 6081 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-18711 | 1 Wuzhicms | 1 Wuzhi Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's password via index.php?m=core&f=panel&v=edit_info. | |||||
CVE-2018-18696 | 1 Microstrategy | 1 Microstrategy | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. NOTE: The vendor claims that documentation for preventing a CSRF attack has been provided (https://community.microstrategy.com/s/article/KB37643-New-security-feature-introduced-in-MicroStrategy-Web-9-0?language=en_US) and disagrees that this issue is a vulnerability. They also claim that MicroStrategy was never properly informed of this issue via normal support channels or their vulnerability reporting page on their website, so they were unable to evaluate the report or explain how this is something their customers view as a feature and not a security vulnerability. | |||||
CVE-2018-18449 | 1 Phome | 1 Empirecms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339. | |||||
CVE-2018-18436 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
JTBC(PHP) 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action&action=add URI. | |||||
CVE-2018-18432 | 1 Destoon | 1 Destoon B2b | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in DESTOON B2B 7.0. CSRF exists via the admin.php URI in an action=add request. | |||||
CVE-2018-18422 | 1 Usualtool | 1 Usualtoolcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/a_adminx.php?x=a URI. | |||||
CVE-2018-18420 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI. | |||||
CVE-2018-18317 | 1 Dscms Project | 1 Dscms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
DESHANG DSCMS 1.1 has CSRF via the public/index.php/admin/admin/add.html URI. | |||||
CVE-2018-18316 | 1 Emlog | 1 Emlog | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
emlog v6.0.0 has CSRF via the admin/user.php?action=new URI. | |||||
CVE-2018-18246 | 1 Icinga | 1 Icinga Web 2 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module. | |||||
CVE-2018-18215 | 1 Youke365 | 1 Youke 365 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add a user account. | |||||
CVE-2018-18201 | 1 Qibosoft | 1 Qibosoft | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=addmember to add a user account. | |||||
CVE-2018-18191 | 1 Finecms | 1 Finecms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in /admin.php?c=member&m=edit&uid=1 in dayrui FineCms 5.4 allows remote attackers to change the administrator's password. | |||||
CVE-2018-17996 | 1 Layerbb | 1 Layerbb | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/. | |||||
CVE-2018-17986 | 1 Razorcms | 1 Razorcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user. | |||||
CVE-2018-17869 | 1 Dasan | 2 H660gw, H660gw Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
DASAN H660GW devices do not implement any CSRF protection mechanism. | |||||
CVE-2018-17858 | 1 Joomla | 1 Joomla! | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend. | |||||
CVE-2018-17826 | 1 Hisiphp | 1 Hisiphp | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account. The attacker can then use that account to execute arbitrary PHP code by leveraging app/common/model/AdminAnnex.php to add .php to the default list of allowable file-upload types (.jpg, .png, .gif, .jpeg, and .ico). | |||||
CVE-2018-17792 | 1 Altn | 1 Mdaemon Webmail | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
MDaemon Webmail (formerly WorldClient) has CSRF. | |||||
CVE-2018-17789 | 1 Prospecta | 1 Master Data Online | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Prospecta Master Data Online (MDO) allows CSRF. |