Total
8014 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23264 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remote attackers to hijack the authentication of logged administrators. | |||||
| CVE-2020-23127 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user. | |||||
| CVE-2020-22761 | 1 Flatpress | 1 Flatpress | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php. | |||||
| CVE-2020-22403 | 1 Express-cart Project | 1 Express-cart | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts. | |||||
| CVE-2020-22273 | 1 Creativeitem | 1 Neoflex Video Subscription System | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Neoflex Video Subscription System Version 2.0 is affected by CSRF which allows the Website's Settings to be changed (such as Payment Settings) | |||||
| CVE-2020-22000 | 1 Homeautomation Project | 1 Homeautomation | 2024-11-21 | 8.5 HIGH | 8.0 HIGH |
| HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'set_command_on' and 'set_command_off' POST parameters in '/system/systemplugins/customcommand/customcommand.plugin.php' by using an unsanitized PHP exec() function. | |||||
| CVE-2020-21989 | 1 Homeautomation Project | 1 Homeautomation | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. | |||||
| CVE-2020-21884 | 1 Indionetworks | 10 Unibox U1000, Unibox U1000 Firmware, Unibox U2500 and 7 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a specially crafted HTTP request may reconfigure the device. | |||||
| CVE-2020-21881 | 1 Duxcms Project | 1 Duxcms | 2024-11-21 | N/A | 6.5 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via article/admin/content/add. | |||||
| CVE-2020-21658 | 1 Wdja | 1 Wdja Cms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attackers to arbitrarily add administrator accounts via a crafted URL. | |||||
| CVE-2020-21386 | 1 Maccms | 1 Maccms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges. | |||||
| CVE-2020-21358 | 1 Wagecms Project | 1 Wage-cms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross site request forgery (CSRF) in Wage-CMS 1.5.x-dev allows attackers to arbitrarily add users. | |||||
| CVE-2020-21321 | 1 Emlog | 1 Emlog | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/link.php?action=addlink, which allows attackers to arbitrarily add articles. | |||||
| CVE-2020-21236 | 1 Damicms | 1 Damicms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie. | |||||
| CVE-2020-21141 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add. | |||||
| CVE-2020-21126 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo. | |||||
| CVE-2020-21081 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL. | |||||
| CVE-2020-20989 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs. | |||||
| CVE-2020-20971 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index. | |||||
| CVE-2020-20945 | 1 Qibosoft | 1 Qibosoft | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts. | |||||