Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cross-site request forgery vulnerabilities and exploits
(subscribe to this query)
685
VMScore
CVE-2018-12114
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.
Maccms Maccms 10.0
1 EDB exploit
690
VMScore
CVE-2012-1416
Multiple cross-site request forgery (CSRF) vulnerabilities in SocialCMS 1.0.2 allow remote malicious users to hijack the authentication of administrators for requests that (1) add administrator accounts via a member_new action to my_admin/admin1_members.php or (2) modify the defa...
Socialcms Socialcms 1.0.2
2 EDB exploits
765
VMScore
CVE-2014-2579
Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) ...
Xcloner Xcloner
1 EDB exploit
936
VMScore
CVE-2019-9082
ThinkPHP prior to 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.
Thinkphp Thinkphp
Opensourcebms Open Source Background Management System 1.1.1
Zzzcms Zzzphp 1.6.1
1 EDB exploit
2 Github repositories
685
VMScore
CVE-2015-6541
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) prior to 8.5 allow remote malicious users to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to servi...
Zimbra Zimbra Collaboration Server
1 EDB exploit
685
VMScore
CVE-2018-14029
CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an malicious user to take over a user account, as demonstrated by modifying the account's email field.
Creatiwity Witycms 0.6.2
1 EDB exploit
685
VMScore
CVE-2018-7746
An issue exists in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin.
Cobub Razor 0.7.2
1 EDB exploit
685
VMScore
CVE-2018-5720
An issue exists on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices. A Cross-site request forgery (CSRF) vulnerability allows remote malicious users to hijack the authentication of users for requests that modify all the settings. This vulne...
Dodocool Dc38 Firmware Rtn2-aw.gd.r3465.1.20161103
1 EDB exploit
685
VMScore
CVE-2018-12602
A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily.
Lfdycms Lfcms 3.7.0
1 EDB exploit
685
VMScore
CVE-2018-12603
Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote malicious users to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114.
Lfdycms Lfcms 3.7.0
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »