Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-352
Total 7410 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-21658 1 Wdja 1 Wdja Cms 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attackers to arbitrarily add administrator accounts via a crafted URL.
CVE-2020-21386 1 Maccms 1 Maccms 2024-11-21 6.8 MEDIUM 8.8 HIGH
A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges.
CVE-2020-21358 1 Wagecms Project 1 Wage-cms 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A cross site request forgery (CSRF) in Wage-CMS 1.5.x-dev allows attackers to arbitrarily add users.
CVE-2020-21321 1 Emlog 1 Emlog 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/link.php?action=addlink, which allows attackers to arbitrarily add articles.
CVE-2020-21236 1 Damicms 1 Damicms 2024-11-21 6.8 MEDIUM 8.8 HIGH
A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie.
CVE-2020-21141 1 Idreamsoft 1 Icms 2024-11-21 6.8 MEDIUM 8.8 HIGH
iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add.
CVE-2020-21139 1 Ec Cloud E-commerce System Project 1 Ec Cloud E-commerce System 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add admin accounts via /admin.html?do=user&act=add.
CVE-2020-21126 1 Metinfo 1 Metinfo 2024-11-21 6.8 MEDIUM 8.8 HIGH
MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo.
CVE-2020-21081 1 Maccms 1 Maccms 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL.
CVE-2020-20989 1 Domainmod 1 Domainmod 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs.
CVE-2020-20971 1 Pbootcms 1 Pbootcms 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index.
CVE-2020-20945 1 Qibosoft 1 Qibosoft 2024-11-21 6.8 MEDIUM 8.8 HIGH
A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts.
CVE-2020-20943 1 Qibosoft 1 Qibosoft 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL.
CVE-2020-20693 1 Gilacms 1 Gila Cms 2024-11-21 6.8 MEDIUM 8.8 HIGH
A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts.
CVE-2020-20671 1 Kitesky 1 Kitecms 2024-11-21 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account.
CVE-2020-20642 1 Eyoucms 1 Eyoucms 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn.
CVE-2020-20595 1 Opms Project 1 Opms 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a user account via /user/add.
CVE-2020-20593 1 Rockoa 1 Rockoa 2024-11-21 6.0 MEDIUM 8.0 HIGH
A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account.
CVE-2020-20586 1 Xyhcms 1 Xyhcms 2024-11-21 3.5 LOW 4.5 MEDIUM
A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password.
CVE-2020-20514 1 Maccms 1 Maccms 2024-11-21 4.9 MEDIUM 8.1 HIGH
A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users.