Total
7538 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17986 | 1 Razorcms | 1 Razorcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user. | |||||
| CVE-2018-17869 | 1 Dasan | 2 H660gw, H660gw Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| DASAN H660GW devices do not implement any CSRF protection mechanism. | |||||
| CVE-2018-17858 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend. | |||||
| CVE-2018-17826 | 1 Hisiphp | 1 Hisiphp | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account. The attacker can then use that account to execute arbitrary PHP code by leveraging app/common/model/AdminAnnex.php to add .php to the default list of allowable file-upload types (.jpg, .png, .gif, .jpeg, and .ico). | |||||
| CVE-2018-17792 | 1 Altn | 1 Mdaemon Webmail | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| MDaemon Webmail (formerly WorldClient) has CSRF. | |||||
| CVE-2018-17789 | 1 Prospecta | 1 Master Data Online | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Prospecta Master Data Online (MDO) allows CSRF. | |||||
| CVE-2018-17584 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page. | |||||
| CVE-2018-17429 | 1 Jtbc | 1 Jtbc | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| /console/account/manage.php?type=action&action=add in JTBC v3.0(C) has CSRF for adding an administrator account. | |||||
| CVE-2018-17389 | 1 Ranksol | 1 Live Call Support | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists in server.php in Live Call Support Application 1.5 for adding an admin account. | |||||
| CVE-2018-17387 | 1 Ranksol | 1 Nimble Professional | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists in Nimble Messaging Bulk SMS Marketing Application 1.0 for adding an admin account. | |||||
| CVE-2018-17366 | 1 Mcms Project | 1 Mcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do. | |||||
| CVE-2018-17168 | 1 Printeron | 1 Printeron | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page. For example, an administrator, by following a link, can be tricked into making unwanted changes to a printer (Disable, Approve, etc). | |||||
| CVE-2018-17104 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user. | |||||
| CVE-2018-17103 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter | |||||
| CVE-2018-17102 | 1 Quickappscms | 1 Quickapps Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in QuickAppsCMS (aka QACMS) through 2.0.0-beta2. A CSRF vulnerability can change the administrator password via the user/me URI. | |||||
| CVE-2018-17081 | 1 E107 | 1 E107 | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page. | |||||
| CVE-2018-17070 | 1 Unlcms | 1 Unlcms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in UNL-CMS 7.59. A CSRF attack can update the website settings via ?q=admin%2Fconfig%2Fsystem%2Fsite-information&render=overlay&render=overlay. | |||||
| CVE-2018-17069 | 1 Unlcms | 1 Unlcms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in UNL-CMS 7.59. A CSRF attack can create new content via ?q=node%2Fadd%2Farticle&render=overlay&render=overlay. | |||||
| CVE-2018-17045 | 1 Cms Maelostore Project | 1 Cms Maelostore | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in CMS MaeloStore V.1.5.0. There is a CSRF vulnerability that can change the administrator password via admin/modul/users/aksi_users.php?act=update. | |||||
| CVE-2018-17023 | 1 Asus | 2 Gt-ac5300, Gt-ac5300 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm. | |||||