Filtered by CWE-352
Total 7694 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-13407 1 Jirafeau 1 Jirafeau 2024-11-21 N/A
A CSRF issue was discovered in Jirafeau before 3.4.1. The "delete file" feature on the admin panel is not protected against automated requests and could be abused.
CVE-2018-13398 1 Atlassian 2 Crucible, Fisheye 2024-11-21 N/A
The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability.
CVE-2018-13394 1 Atlassian 1 Questions For Confluence 2024-11-21 N/A
The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6 (the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0) allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability.
CVE-2018-13393 1 Atlassian 1 Questions For Confluence 2024-11-21 N/A
The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6 (the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0) allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability.
CVE-2018-13340 1 Gleeztech 1 Gleez Cms 2024-11-21 N/A
Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request.
CVE-2018-13067 1 Opencart 1 Opencart 2024-11-21 N/A
/upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password.
CVE-2018-13040 1 Opendesa 1 Opensid 2024-11-21 N/A
OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account (at the admin level) via the index.php/man_user/insert URI.
CVE-2018-13032 1 Ecessa 2 Shieldlink Sl175ehq, Shieldlink Sl175ehq Firmware 2024-11-21 N/A
ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/pl_web.cgi/util_configlogin_act URI.
CVE-2018-13031 1 Damicms 1 Damicms 2024-11-21 N/A
DamiCMS v6.0.0 and 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account.
CVE-2018-13010 1 Wstmall 1 Wstmall 2024-11-21 N/A
WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account.
CVE-2018-12971 1 Easycms 1 Easycms 2024-11-21 N/A
EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users.
CVE-2018-12739 1 Beescms 1 Beescms 2024-11-21 N/A
In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266.
CVE-2018-12659 1 Slims Akasia Project 1 Slims Akasia 2024-11-21 N/A
SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter.
CVE-2018-12628 1 Eventum Project 1 Eventum 2024-11-21 N/A
An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges.
CVE-2018-12603 1 Lfdycms 1 Lfcms 2024-11-21 N/A
Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114.
CVE-2018-12602 1 Lfdycms 1 Lfcms 2024-11-21 N/A
A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily.
CVE-2018-12583 1 Akcms Project 1 Akcms 2024-11-21 N/A
An issue was discovered in AKCMS 6.1. CSRF can delete an article via an admincp deleteitem action to index.php.
CVE-2018-12582 1 Akcms Project 1 Akcms 2024-11-21 N/A
An issue was discovered in AKCMS 6.1. CSRF can add an admin account via a /index.php?file=account&action=manageaccounts&job=newaccount URI.
CVE-2018-12574 1 Tp-link 2 Tl-wr841n, Tl-wr841n Firmware 2024-11-21 N/A
CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices.
CVE-2018-12540 2 Eclipse, Redhat 2 Vert.x, Openshift Application Runtimes 2024-11-21 N/A
In versions from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler does not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which have not yet expired.