CWE-352
Cross-Site Request Forgery (CSRF)
Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62
CVEs mapped to this weakness (5,713)
Page 24 of 286

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-14069 | | High | 0.57 | 8.8 | 0.01 | | Jul 15, 2018 | An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add a user account via admin.php?m=Admin&c=member&a=add. |
| CVE-2018-14068 | | High | 0.57 | 8.8 | 0.01 | | Jul 15, 2018 | An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add an admin account via admin.php?m=Admin&c=manager&a=add. |
| CVE-2016-6578 | | High | 0.57 | 8.8 | 0.01 | | Jul 13, 2018 | CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a global cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious… |
| CVE-2016-6557 | | High | 0.57 | 8.8 | 0.01 | | Jul 13, 2018 | In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a… |
| CVE-2018-1000206 | | High | 0.57 | 8.8 | 0.01 | | Jul 13, 2018 | JFrog Artifactory version since 5.11 contains a Cross Site Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appears to be exploitable via The victim must run… |
| CVE-2018-14014 | | High | 0.57 | 8.8 | 0.01 | | Jul 12, 2018 | In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd. |
| CVE-2018-13793 | | High | 0.57 | 8.8 | 0.00 | | Jul 9, 2018 | Multiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login. |
| CVE-2018-13445 | | High | 0.57 | 8.8 | 0.01 | | Jul 8, 2018 | An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/admin_manager.php?action=add. |
| CVE-2018-13444 | | High | 0.57 | 8.8 | 0.01 | | Jul 8, 2018 | An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add an admin account via adm1n/admin_manager.php?action=save&id=2. |
| CVE-2018-11349 | | High | 0.57 | 8.8 | 0.01 | | Jul 7, 2018 | The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: search_by_name, search_by_hash, and search_link. |
| CVE-2018-13340 | | High | 0.57 | 8.8 | 0.01 | | Jul 5, 2018 | Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request. |
| CVE-2018-13031 | | High | 0.57 | 8.8 | 0.01 | | Jul 5, 2018 | DamiCMS v6.0.0 and 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account. |
| CVE-2018-11636 | | High | 0.57 | 8.8 | 0.01 | | Jul 3, 2018 | Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions. |
| CVE-2018-13067 | — | High | 0.57 | 8.8 | 0.01 | | Jul 2, 2018 | /upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password. |
| CVE-2018-12574 | | High | 0.57 | 8.8 | 0.00 | | Jul 2, 2018 | CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices. |
| CVE-2018-12529 | | High | 0.57 | 8.8 | 0.01 | | Jul 2, 2018 | An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF injection point vulnerabilities including changing user passwords and router settings. |
| CVE-2018-13040 | | High | 0.57 | 8.8 | 0.01 | | Jul 1, 2018 | OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account (at the admin level) via the index.php/man_user/insert URI. |
| CVE-2018-13010 | | High | 0.57 | 8.8 | 0.01 | | Jun 29, 2018 | WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account. |
| CVE-2018-11447 | — | High | 0.57 | 8.8 | 0.01 | | Jun 26, 2018 | A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by… |
| CVE-2018-1000506 | | High | 0.57 | 8.8 | 0.01 | | Jun 26, 2018 | Metronet Tag Manager version 1.2.7 contains a Cross Site Request Forgery (CSRF) vulnerability in Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can result in allows anybody to do almost anything an admin can. This attack appears to be exploitable via… |