Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cross-site request forgery vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2014-6409
Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update.
Mmonit M\\/monit
1 EDB exploit
6.8
CVSSv2
CVE-2012-1416
Multiple cross-site request forgery (CSRF) vulnerabilities in SocialCMS 1.0.2 allow remote malicious users to hijack the authentication of administrators for requests that (1) add administrator accounts via a member_new action to my_admin/admin1_members.php or (2) modify the defa...
Socialcms Socialcms 1.0.2
2 EDB exploits
6.8
CVSSv2
CVE-2015-4460
Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box prior to 4.0.0 (r19171) allows remote malicious users to hijack the authentication of administrators for requests that add administrator accounts via certain vectors...
Boxautomation C2box
1 EDB exploit
6.8
CVSSv2
CVE-2018-12603
Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote malicious users to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114.
Lfdycms Lfcms 3.7.0
1 EDB exploit
6.8
CVSSv2
CVE-2012-1936
The wp_create_nonce function in wp-includes/pluggable.php in WordPress 3.3.1 and previous versions associates a nonce with a user account instead of a user session, which might make it easier for remote malicious users to conduct cross-site request forgery (CSRF) attacks on speci...
Wordpress Wordpress 3.0.5
Wordpress Wordpress 2.8.5.2
Wordpress Wordpress 1.2.3
Wordpress Wordpress 2.0.11
Wordpress Wordpress 1.3.3
Wordpress Wordpress 2.8.6
Wordpress Wordpress 2.0
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.2.3
Wordpress Wordpress 2.0.2
Wordpress Wordpress 2.1
Wordpress Wordpress 1.1.1
Wordpress Wordpress 1.2.4
Wordpress Wordpress 2.0.6
Wordpress Wordpress 2.0.1
Wordpress Wordpress 2.8.4
Wordpress Wordpress 2.0.4
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.1.4
Wordpress Wordpress 2.2
Wordpress Wordpress 1.2.1
1 EDB exploit
6.8
CVSSv2
CVE-2016-0891
Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM prior to 3.7 allow remote malicious users to hijack the authentication of administrators.
Emc Vipr Srm
1 EDB exploit
6.8
CVSSv2
CVE-2018-19135
ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an malicious user to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by de...
Clippercms Clippercms 1.3.3
1 EDB exploit
6.8
CVSSv2
CVE-2017-6086
Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote malicious users to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to <vimbadmi...
Vimbadmin Vimbadmin 3.0.15
1 EDB exploit
6.8
CVSSv2
CVE-2018-12739
In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266.
Beescms Beescms 4.0
1 EDB exploit
6.8
CVSSv2
CVE-2018-11671
An issue exists in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle.
Njtech Greencms 2.3.0603
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21987
buffer overflow
CVE-2024-28890
CVE-2024-27574
CVE-2024-27347
CVE-2024-31450
privilege
SSTI
CVE-2024-31666
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »