CVEs and Security Vulnerabilities CVEs and Security Vulnerabilities

Filtered by CWE-352

Filtered by vendor Subscriptions

Total 8329 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2020-19280	1 Jeesns	1 Jeesns	2024-11-21	8.8 High
Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations.
CVE-2020-19268	1 Dswjcms Project	1 Dswjcms	2024-11-21	5.7 Medium
A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenticated attackers to arbitrarily add administrator users.
CVE-2020-19264	1 Mipcms	1 Mipcms	2024-11-21	6.5 Medium
A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd.
CVE-2020-19263	1 Mipcms	1 Mipcms	2024-11-21	8.8 High
A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily escalate user privileges to administrator via index.php?s=/user/ApiAdminUser/itemEdit.
CVE-2020-19199	1 Phpok	1 Phpok	2024-11-21	8.8 High
A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code.
CVE-2020-19159	1 Laiketui	1 Laiketui	2024-11-21	8.8 High
Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component '/index.php?module=member&action=add'.
CVE-2020-19047	1 Iwebshop	1 Iwebshop	2024-11-21	8.8 High
Cross Site Request Forgey (CSRF) in iWebShop v5.3 allows remote atatckers to execute arbitrary code via malicious POST request to the component '/index.php?controller=system&action=admin_edit_act'.
CVE-2020-18964	1 Forestblog Project	1 Forestblog	2024-11-21	8.8 High
Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest version via the website Management background, which could let a remote malicious gain privileges.
CVE-2020-18917	1 Dedecms	1 Dedecms	2024-11-21	8.8 High
The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control.
CVE-2020-18889	1 Puppycms	1 Puppycms	2024-11-21	6.5 Medium
Cross Site Request Forgery (CSRF) vulnerability in puppyCMS v5.1 that can change the admin's password via /admin/settings.php.
CVE-2020-18694	1 Ignitedcms	1 Ignitedcms	2024-11-21	8.8 High
Cross Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows remote attackers to obtain sensitive information and gain privilege via the component "/admin/profile/save_profile".
CVE-2020-18648	1 Juqingcms	1 Juqingcms	2024-11-21	8.8 High
Cross Site Request Forgery (CSRF) in JuQingCMS v1.0 allows remote attackers to gain local privileges via the component "JuQingCMS_v1.0/admin/index.php?c=administrator&a=add".
CVE-2020-18464	1 Aikcms	1 Aikcms	2024-11-21	3.5 Low
Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in video_list.php, which can let a malicious user delete movie information.
CVE-2020-18463	1 Aikcms	1 Aikcms	2024-11-21	2.4 Low
Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in video_list.php, which can let a malicious user delete a video message.
CVE-2020-18460	1 711cms	1 711cms	2024-11-21	8.8 High
Cross Site Request Forgery (CSRF) vulnerability exists in 711cms v1.0.7 that can add an admin account via admin.php?c=Admin&m=content.
CVE-2020-18458	1 Damicms	1 Damicms	2024-11-21	8.0 High
Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd.
CVE-2020-18457	1 Bycms Project	1 Bycms	2024-11-21	6.8 Medium
Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 that can add an admin account via admin.php/ucenter/add.html.
CVE-2020-18454	1 Bycms Project	1 Bycms	2024-11-21	6.8 Medium
Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admin.php/systems/index/module_id/70/group_id/1.html.
CVE-2020-18326	1 Intelliants	1 Subrion Cms	2024-11-21	8.8 High
Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.
CVE-2020-18265	1 Simple-log Project	1 Simple-log	2024-11-21	8.8 High
Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_add_member".

« first previous Page 345 of 417. next last »