Filtered by CWE-352
Total 7789 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-17070 1 Unlcms 1 Unlcms 2024-11-21 N/A
An issue was discovered in UNL-CMS 7.59. A CSRF attack can update the website settings via ?q=admin%2Fconfig%2Fsystem%2Fsite-information&render=overlay&render=overlay.
CVE-2018-17069 1 Unlcms 1 Unlcms 2024-11-21 N/A
An issue was discovered in UNL-CMS 7.59. A CSRF attack can create new content via ?q=node%2Fadd%2Farticle&render=overlay&render=overlay.
CVE-2018-17045 1 Cms Maelostore Project 1 Cms Maelostore 2024-11-21 N/A
An issue was discovered in CMS MaeloStore V.1.5.0. There is a CSRF vulnerability that can change the administrator password via admin/modul/users/aksi_users.php?act=update.
CVE-2018-17023 1 Asus 2 Gt-ac5300, Gt-ac5300 Firmware 2024-11-21 N/A
Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm.
CVE-2018-16966 1 Filemanagerpro 1 File Manager 2024-11-21 N/A
There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.
CVE-2018-16952 1 Oracle 1 Webcenter Interaction 2024-11-21 N/A
The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. The impact is sensitive actions in the portal (such as changing a portal user's password). NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.
CVE-2018-16951 1 Xunfeng Project 1 Xunfeng 2024-11-21 N/A
xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, a related issue to CVE-2018-16832.
CVE-2018-16854 1 Moodle 1 Moodle 2024-11-21 N/A
A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15.
CVE-2018-16832 1 Xunfeng Project 1 Xunfeng 2024-11-21 N/A
CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host HTTP header.
CVE-2018-16795 1 Open-emr 1 Openemr 2024-11-21 8.8 High
OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file.
CVE-2018-16732 1 Chshcms 1 Cscms 2024-11-21 N/A
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.
CVE-2018-16650 1 Phpmyfaq 1 Phpmyfaq 2024-11-21 N/A
phpMyFAQ before 2.9.11 allows CSRF.
CVE-2018-16634 1 Pluck-cms 1 Pluck 2024-11-21 N/A
Pluck v4.7.7 allows CSRF via admin.php?action=settings.
CVE-2018-16552 1 Micropyramid 1 Django Crm 2024-11-21 8.8 High
MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete/ URIs.
CVE-2018-16458 1 Baigo 1 Baigo Cms 2024-11-21 N/A
An issue was discovered in baigo CMS v2.1.1. There is an index.php?m=article&c=request CSRF that can cause publication of any article.
CVE-2018-16449 1 Onethink 1 Onethink 2024-11-21 N/A
OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html.
CVE-2018-16448 1 Chshcms 1 Cscms 2024-11-21 N/A
Cscms 4 allows CSRF for creating a member via upload/admin.php/user/save, authenticating vip members via upload/admin.php/user/init/tid and upload/admin.php/user/init/rzid, and creating a super administrator and web editor via upload/admin.php/sys/save.
CVE-2018-16447 1 Frogcms Project 1 Frogcms 2024-11-21 N/A
Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF.
CVE-2018-16431 1 Yfcmf 1 Yfcmf 2024-11-21 N/A
admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an administrator account.
CVE-2018-16416 1 Thedaylightstudio 1 Fuel Cms 2024-11-21 N/A
Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password.