Total
6081 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16795 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file. | |||||
| CVE-2018-16732 | 1 Chshcms | 1 Cscms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| \upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save. | |||||
| CVE-2018-16650 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| phpMyFAQ before 2.9.11 allows CSRF. | |||||
| CVE-2018-16634 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Pluck v4.7.7 allows CSRF via admin.php?action=settings. | |||||
| CVE-2018-16552 | 1 Micropyramid | 1 Django Crm | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete/ URIs. | |||||
| CVE-2018-16458 | 1 Baigo | 1 Baigo Cms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in baigo CMS v2.1.1. There is an index.php?m=article&c=request CSRF that can cause publication of any article. | |||||
| CVE-2018-16449 | 1 Onethink | 1 Onethink | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html. | |||||
| CVE-2018-16448 | 1 Chshcms | 1 Cscms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save. | |||||
| CVE-2018-16447 | 1 Frogcms Project | 1 Frogcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF. | |||||
| CVE-2018-16431 | 1 Yfcmf | 1 Yfcmf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an administrator account. | |||||
| CVE-2018-16416 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password. | |||||
| CVE-2018-16387 | 1 Elefantcms | 1 Elefantcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add. | |||||
| CVE-2018-16380 | 1 Digimute | 1 Ogma Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action=createnew that can add an admin account. | |||||
| CVE-2018-16366 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF. | |||||
| CVE-2018-16365 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF. | |||||
| CVE-2018-16345 | 1 Easycms | 1 Easycms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent. | |||||
| CVE-2018-16339 | 1 Phome | 1 Empirecms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser. | |||||
| CVE-2018-16338 | 1 Auracms | 1 Auracms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic. | |||||
| CVE-2018-16337 | 1 Chshcms | 1 Cscms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save. | |||||
| CVE-2018-16332 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability. | |||||