Total
7373 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18935 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=component&act=addnew URI, as demonstrated by adding a level=1 account. | |||||
| CVE-2018-18934 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code (that is extracted and can be executed). This can also be exploited via CSRF. | |||||
| CVE-2018-18921 | 1 Phpservermonitor | 1 Php Server Monitor | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action. | |||||
| CVE-2018-18842 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code. | |||||
| CVE-2018-18802 | 1 Tubigan | 1 Welcome To Our Resort | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The Tubigan "Welcome to our Resort" 1.0 software allows CSRF via admin/mod_users/controller.php?action=edit. | |||||
| CVE-2018-18799 | 1 School Attendance Monitoring System Project | 1 School Attendance Monitoring System | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos. | |||||
| CVE-2018-18797 | 1 School Attendance Monitoring System Project | 1 School Attendance Monitoring System | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php. | |||||
| CVE-2018-18794 | 1 School Event Management System Project | 1 School Event Management System | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| School Event Management System 1.0 allows CSRF via user/controller.php?action=edit. | |||||
| CVE-2018-18773 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password. | |||||
| CVE-2018-18772 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command. | |||||
| CVE-2018-18760 | 1 Saltos | 1 Rhinos | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| RhinOS 3.0 build 1190 allows CSRF. | |||||
| CVE-2018-18742 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI. | |||||
| CVE-2018-18735 | 1 Catfish-cms | 1 Catfish Blog | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33. | |||||
| CVE-2018-18734 | 1 Catfish-cms | 1 Catfish Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue was discovered in admin/Index/addmanageuser.html in Catfish CMS 4.8.30. | |||||
| CVE-2018-18696 | 1 Microstrategy | 1 Microstrategy | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. NOTE: The vendor claims that documentation for preventing a CSRF attack has been provided (https://community.microstrategy.com/s/article/KB37643-New-security-feature-introduced-in-MicroStrategy-Web-9-0?language=en_US) and disagrees that this issue is a vulnerability. They also claim that MicroStrategy was never properly informed of this issue via normal support channels or their vulnerability reporting page on their website, so they were unable to evaluate the report or explain how this is something their customers view as a feature and not a security vulnerability | |||||
| CVE-2018-18449 | 1 Phome | 1 Empirecms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339. | |||||
| CVE-2018-18436 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| JTBC(PHP) 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action&action=add URI. | |||||
| CVE-2018-18432 | 1 Destoon | 1 Destoon B2b | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in DESTOON B2B 7.0. CSRF exists via the admin.php URI in an action=add request. | |||||
| CVE-2018-18422 | 1 Usualtool | 1 Usualtoolcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/a_adminx.php?x=a URI. | |||||
| CVE-2018-18420 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI. | |||||