Vulnerabilities (CVE)

Filtered by CWE-352
Total 7863 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-10267 1 Wtcms Project 1 Wtcms 2024-11-21 6.8 MEDIUM 8.8 HIGH
WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=add_post URI.
CVE-2018-10266 1 Beescms 1 Beescms 2024-11-21 6.8 MEDIUM 8.8 HIGH
BEESCMS 4.0 has a CSRF vulnerability to add an administrator account via the admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user URI.
CVE-2018-10265 1 Hongcms Project 1 Hongcms 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrator account via the admin/index.php/users/save URI.
CVE-2018-10249 1 Baijiacms Project 1 Baijiacms 2024-11-21 6.8 MEDIUM 8.8 HIGH
baijiacms V3 has CSRF via index.php?mod=site&op=edituser&name=manager&do=user to add an administrator account.
CVE-2018-10233 1 Ultimatemember 1 User Profile \& Membership 2024-11-21 6.8 MEDIUM 8.8 HIGH
The User Profile & Membership plugin before 2.0.7 for WordPress has no mitigations implemented against cross site request forgery attacks. This is a structural finding throughout the entire plugin.
CVE-2018-10232 1 Topdesk 1 Topdesk 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Cross-site request forgery (CSRF) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5.7.SR9 allows remote attackers to hijack the authentication of authenticated users for requests that can obtain sensitive information via unspecified vectors.
CVE-2018-10224 1 Yzmcms 1 Yzmcms 2024-11-21 6.0 MEDIUM 6.8 MEDIUM
An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add a tag via /index.php/admin/tag/add.html.
CVE-2018-10223 1 Yzmcms 1 Yzmcms 2024-11-21 6.0 MEDIUM 6.8 MEDIUM
An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add an admin account via /index.php/admin/admin_manage/add.html.
CVE-2018-10222 1 Icmsdev 1 Icms 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP.
CVE-2018-10188 1 Phpmyadmin 1 Phpmyadmin 2024-11-21 6.8 MEDIUM 8.8 HIGH
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.
CVE-2018-10185 1 Tuzicms 1 Tuzicms 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in TuziCMS v2.0.6. There is a CSRF vulnerability that can add an admin account, as demonstrated by a history.pushState call.
CVE-2018-10166 1 Tp-link 1 Eap Controller 2024-11-21 6.8 MEDIUM 8.8 HIGH
The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submit authenticated requests when an authenticated user browses an attack-controlled domain. This is fixed in version 2.6.1_Windows.
CVE-2018-10137 1 Iscripts 1 Uberforx 2024-11-21 6.8 MEDIUM 8.8 HIGH
iScripts UberforX 2.2 has CSRF in the "manage_settings" section of the Admin Panel via the /cms?section=manage_settings&action=edit URI.
CVE-2018-10132 1 Pbootcms 1 Pbootcms 2024-11-21 6.8 MEDIUM 8.8 HIGH
PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter.
CVE-2018-10127 1 Xyhcms Project 1 Xyhcms 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in XYHCMS 3.5. It has CSRF via an index.php?g=Manage&m=Rbac&a=addUser request, resulting in addition of an account with the administrator role.
CVE-2018-10117 1 Icmsdev 1 Icms 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP.
CVE-2018-10099 1 Google 1 Monorail 2024-11-21 4.3 MEDIUM 5.3 MEDIUM
Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports.
CVE-2018-10048 1 Iscripts 1 Eswap 2024-11-21 6.8 MEDIUM 8.8 HIGH
iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Admin Panel.
CVE-2018-10031 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 6.8 MEDIUM 8.8 HIGH
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php.
CVE-2018-10030 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 6.8 MEDIUM 8.8 HIGH
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php.