Vulmon Recent Vulnerabilities Trends Blog About Contact

csrf vulnerabilities and exploits

(subscribe to this query)

6.8
CVSSv2
CVE-2020-19889
DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for index.php?dbhcms_pid=-70 can add a user....
5
CVSSv2
CVE-2016-7401
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies....
6.8
CVSSv2
CVE-2014-8773
MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF token parameter....
6.8
CVSSv2
CVE-2020-8420
An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability....
4.3
CVSSv2
CVE-2020-19886
DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for an /index.php?dbhcms_pid=-80&deletemenu=9 can delete any menu....
6.8
CVSSv2
CVE-2019-13949
SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password change....
6.8
CVSSv2
CVE-2015-1786
Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers....
6.8
CVSSv2
CVE-2018-20598
UCMS 1.4.7 has ?do=user_addpost CSRF....
6.8
CVSSv2
CVE-2019-12466
Wikimedia MediaWiki through 1.32.1 allows CSRF....
4.3
CVSSv2
CVE-2020-8166
A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token....
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code executionenviragalleryCVE-2020-27368CVE-2021-23926injectionenvira galleryCVE-2020-6207CVE-2021-21242unspecifiedCVE-2021-24122CVE-2021-0212