Vulnerabilities (CVE)

Filtered by CWE-352
Total 7686 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-6087 1 Vigilecms 1 Vigilecms 2025-04-09 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in index.php in VigileCMS 1.4 allows remote attackers to change the admin password via certain parameters to the changepass module.
CVE-2008-0556 1 Openca 1 Openca Pki 2025-04-09 7.5 HIGH N/A
Cross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, and possibly earlier versions, allows remote attackers to perform unauthorized actions as authorized users via a link or IMG tag to RAServer.
CVE-2008-0563 1 Liferay 1 Liferay Enterprise Portal 2025-04-09 4.3 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to perform unspecified actions as unspecified authenticated users via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format.
CVE-2007-5917 1 Skalinks 1 Skalinks 2025-04-09 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in admin/admin_account.php in Skalinks 1.5 and earlier allows remote attackers to add arbitrary privileged accounts as administrators via the admin_name, admin_password, admin_type, and Add_admin parameters.
CVE-2009-3520 1 Cmsphp Project 1 Cmsphp 2025-04-09 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in the Your_account module in CMSphp 0.21 allows remote attackers to hijack the authentication of administrators for requests that change an administrator password via the pseudo, pwd, and uid parameters in an admin_info_user_verif action.
CVE-2008-6729 1 Phpmotion 1 Phpmotion 2025-04-09 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in password.php in PHPmotion 2.1 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that modify an account via the (1) password or (2) email_address parameter.
CVE-2008-7165 1 Alice 1 Gate2 Plus Wi-fi 2025-04-09 6.8 MEDIUM N/A
Cross-site request forgery in cp06_wifi_m_nocifr.cgi in the administrator panel in TELECOM ITALIA Alice Gate2 Plus Wi-Fi allows remote attackers to hijack the authentication of administrators for requests that disable Wi-Fi encryption via certain values for the wlChannel and wlRadioEnable parameters.
CVE-2008-7192 1 Woltlab 1 Burning Board 2025-04-09 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board (wBB) 3.0.1, and possibly other 3.x versions, allows remote attackers to hijack the authentication of users for requests that delete private messages via the pmID parameter in a delete action in a PM page, a different vulnerability than CVE-2008-0472.
CVE-2007-5384 2 Alcatel, Bt 2 Speedtouch 7g Router, Home Hub 2025-04-09 4.3 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to perform actions as administrators via unspecified POST requests, as demonstrated by enabling an inbound remote-assistance HTTPS session on TCP port 51003. NOTE: an authentication bypass can be leveraged to exploit this in the absence of an existing administrative session. NOTE: SpeedTouch 780 might also be affected by some of these issues.
CVE-2009-1280 1 Joomla 1 Joomla 2025-04-09 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2008-1172 1 Torrenttrader 2 Torrenttrader, Torrenttrader Classic 2025-04-09 4.3 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerabilities in account-inbox.php in TorrentTrader Classic 1.08 allow remote attackers to perform certain actions as other users, as demonstrated by sending messages.
CVE-2008-7243 1 Modxcms 1 Modxcms 2025-04-09 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in page 34 in MODx CMS 0.9.6.1 and 0.9.6.1p1 allows remote attackers to hijack the authentication of other users for requests that modify passwords via manager/index.php. NOTE: due to the lack of details, it is not clear whether this is related to CVE-2008-5941.
CVE-2009-4349 1 Phpwebscripts 1 Link Up Gold 2025-04-09 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in administration/administrators.php in Link Up Gold 5.0 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
CVE-2007-5229 1 Feedburner 1 Feedsmith 2025-04-09 6.4 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the FeedBurner FeedSmith 2.2 plugin for WordPress allows remote attackers to change settings and hijack blog feeds via a request to wp-admin/options-general.php that submits parameter values to FeedBurner_FeedSmith_Plugin.php, as demonstrated by the (1) feedburner_url and (2) feedburner_comments_url parameters.
CVE-2008-5583 1 Projectpier 1 Projectpier 2025-04-09 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in index.php in ProjectPier 0.8 and earlier allows remote attackers to perform actions as an administrator via the query string, as demonstrated by a delete project action.
CVE-2009-2677 1 Hp 1 Insight Control Suite For Linux 2025-04-09 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in HP Insight Control Suite For Linux (aka ICE-LX) before 2.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2008-1149 1 Phpmyadmin 1 Phpmyadmin 2025-04-09 5.1 MEDIUM N/A
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.
CVE-2009-1561 1 Cisco 1 Wrt54gc 2025-04-09 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that change the administrator password via the sysPasswd and sysConfirmPasswd parameters.
CVE-2007-5213 1 Axis 2 2100 Network Camera, 2100 Network Camera Firmware 2025-04-09 9.3 HIGH N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page.
CVE-2008-1323 1 Woltlab 1 Burning Board Lite 2025-04-09 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board Lite (wBB) 2 Beta 1 allows remote attackers to delete threads as other users via the ThreadDelete action.