Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cross-site request forgery vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-6655
Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote malicious users to hijack the authentication of administrators for requests that add an administrator via a request to admin/admin_users.php.
Pligg Pligg Cms 2.0.2
1 EDB exploit
8.8
CVSSv3
CVE-2018-5969
Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account.
Photography Cms Project Photography Cms 1.0
1 EDB exploit
6.5
CVSSv3
CVE-2019-7440
JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi).
Jio Jiofi 4g M2s Firmware 1.0.2
1 EDB exploit
8.8
CVSSv3
CVE-2018-8908
An issue exists in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges...
Frog Cms Project Frog Cms 0.9.5
1 EDB exploit
8.8
CVSSv3
CVE-2018-15845
There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add.
Gleezcms Gleez Cms 1.2.0
1 EDB exploit
8.8
CVSSv3
CVE-2019-11374
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.
74cms 74cms 5.0.1
1 EDB exploit
NA
CVE-2014-2989
Cross-site request forgery (CSRF) vulnerability in Open Assessment Technologies TAO 2.5.6 allows remote malicious users to hijack the authentication of administrators for requests that create administrative accounts via a request to Users/add.
Open Assessment Technologies Tao 2.5.6
1 EDB exploit
NA
CVE-2013-4889
Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote malicious users to hijack the authentication of administrators for requests that (1) add a new administrator via the AddUser action or (2) conduct cross-site scripti...
Springsignage Xibo 1.4.2
1 EDB exploit
NA
CVE-2024-25344
Cross Site Scripting vulnerability in ITFlow.org before commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 allows a remtoe malicious user to execute arbitrary code and obtain sensitive information via the settings.php, settings+company.php, settings_defaults.php,settings_integrati...
8.8
CVSSv3
CVE-2016-3403
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration prior to 8.6.0 Patch 8 allow remote malicious users to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging f...
Synacor Zimbra Collaboration Suite
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
7
8
9
10
NEXT »