VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

Abstraction: Compound · Status: Stable · Likelihood of exploit: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request; the request may instead have been forged by an unauthorized actor. The browser attaches the user's session cookie to a forged request automatically, so a server that relies on the cookie alone cannot tell the two apart.
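Worked example, added here and not part of the CWE entry or of any product in the CVE list below: a state-changing "add user" endpoint in the shape of the `admin.php?...&a=add` handlers the list is full of, first with the cookie-only check that makes it forgeable, then with an exact Origin/Referer check plus a per-session synchronizer token. The endpoint, the `Request`/`Session` shapes and the origin `https://admin.example.test` are assumptions; the forged request is constructed input modelling what a victim's browser sends when a hidden auto-submitting form on another site fires.

```python
"""CSRF against a state-changing admin endpoint: a forged cross-site POST that
the vulnerable handler accepts and the hardened handler rejects.

Added illustration; the endpoint, the Request/Session shapes and the origin
https://admin.example.test are assumptions, not taken from any listed product."""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlsplit

SITE_ORIGIN = "https://admin.example.test"   # assumed origin serving the admin UI


@dataclass
class Session:
    """Server-side session the browser's cookie resolves to."""
    user: str
    role: str
    # Synchronizer token: per-session random secret embedded in legitimate forms.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    method: str
    form: dict
    headers: dict                      # e.g. {"Origin": "https://evil.test"}
    cookie_session: Optional[Session]  # None when no valid session cookie was sent


def add_user_vulnerable(req, users):
    """Cookie-only authorization: a forged request from another site passes,
    because the browser attaches the victim's cookie to it."""
    if req.cookie_session is None or req.cookie_session.role != "admin":
        return 403, "not admin"
    if req.method != "POST":
        return 405, "method not allowed"
    users[req.form["username"]] = req.form["role"]
    return 200, "created"


def same_origin(header_value):
    """Exact scheme+host comparison; a prefix test would let
    https://admin.example.test.evil.test through."""
    if not header_value:
        return False
    parts = urlsplit(header_value)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def add_user_hardened(req, users):
    sess = req.cookie_session
    if sess is None or sess.role != "admin":
        return 403, "not admin"
    if req.method != "POST":
        return 405, "method not allowed"
    # Check 1: browsers set Origin (or Referer) on cross-site form posts and page
    # script cannot override it. A missing header is treated as cross-site here.
    if not same_origin(req.headers.get("Origin") or req.headers.get("Referer")):
        return 403, "bad origin"
    # Check 2: the token lives only in the session and in our own pages; another
    # origin cannot read it, so a forged form cannot include it. Constant-time
    # comparison so the token is not leaked through timing.
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token.encode(), sess.csrf_token.encode()):
        return 403, "bad csrf token"
    users[req.form["username"]] = req.form["role"]
    return 200, "created"


def forged_request(victim_session):
    """Constructed input: what the victim's browser sends when a hidden,
    auto-submitting form on https://evil.test fires. The session cookie rides
    along, Origin names the attacker's site, and there is no csrf_token."""
    return Request("POST", {"username": "backdoor", "role": "admin"},
                   {"Origin": "https://evil.test"}, victim_session)


def legitimate_request(session):
    """A form posted from the real admin UI carries the session's token."""
    return Request("POST", {"username": "alice", "role": "editor",
                            "csrf_token": session.csrf_token},
                   {"Origin": SITE_ORIGIN}, session)


def demo():
    admin = Session("root", "admin")
    vuln_users, hard_users = {}, {}
    forged_vs_vuln = add_user_vulnerable(forged_request(admin), vuln_users)[0]
    forged_vs_hard = add_user_hardened(forged_request(admin), hard_users)[0]
    legit_vs_hard = add_user_hardened(legitimate_request(admin), hard_users)[0]
    return (forged_vs_vuln, forged_vs_hard, legit_vs_hard,
            "backdoor" in vuln_users, "backdoor" in hard_users, "alice" in hard_users)


if __name__ == "__main__":
    print(demo())  # (200, 403, 200, True, False, True)
```

Two practitioner caveats. The method check alone is no defense: several entries below are reached through query-string routes such as `admin.php?...&a=add`, so the token check has to cover every route that changes state, whatever the verb. And marking the session cookie `SameSite=Lax` or `Strict` is worth adding as defense in depth, but it does not replace the token: Lax still sends the cookie on top-level GET navigations, and older clients ignore the attribute.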

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 24 of 286
  • CVE-2018-14069 · High · Jul 15, 2018
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add a user account via admin.php?m=Admin&c=member&a=add.

  • CVE-2018-14068 · High · Jul 15, 2018
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add an admin account via admin.php?m=Admin&c=manager&a=add.

  • CVE-2016-6578 · High · Jul 13, 2018
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a global cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious…

  • CVE-2016-6557 · High · Jul 13, 2018
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a…

  • CVE-2018-1000206 · High · Jul 13, 2018
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    JFrog Artifactory versions since 5.11 contain a Cross Site Request Forgery (CSRF) vulnerability in UI REST endpoints that can result in a classic CSRF attack, allowing an attacker to perform actions as the logged-in user. This attack appears to be exploitable via: the victim must run…

  • CVE-2018-14014 · High · Jul 12, 2018
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd.

  • CVE-2018-13793 · High · Jul 9, 2018
    risk 0.57 · CVSS 8.8 · EPSS 0.00

    Multiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login.

  • CVE-2018-13445 · High · Jul 8, 2018
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/admin_manager.php?action=add.

  • CVE-2018-13444 · High · Jul 8, 2018
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add an admin account via adm1n/admin_manager.php?action=save&id=2.

  • CVE-2018-11349 · High · Jul 7, 2018
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: search_by_name, search_by_hash, and search_link.

  • CVE-2018-13340 · High · Jul 5, 2018
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request.

  • CVE-2018-13031 · High · Jul 5, 2018
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    DamiCMS v6.0.0 and 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account.

  • CVE-2018-11636 · High · Jul 3, 2018
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions.

  • CVE-2018-13067 · High · Jul 2, 2018
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    /upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password.

  • CVE-2018-12574 · High · Jul 2, 2018
    risk 0.57 · CVSS 8.8 · EPSS 0.00

    CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices.

  • CVE-2018-12529 · High · Jul 2, 2018
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF vulnerabilities, including ones that allow changing user passwords and router settings.

  • CVE-2018-13040 · High · Jul 1, 2018
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account (at the admin level) via the index.php/man_user/insert URI.

  • CVE-2018-13010 · High · Jun 29, 2018
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account.

  • CVE-2018-11447 · High · Jun 26, 2018
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by…

  • CVE-2018-1000506 · High · Jun 26, 2018
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    Metronet Tag Manager version 1.2.7 contains a Cross Site Request Forgery (CSRF) vulnerability in the Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can result in allowing anybody to do almost anything an admin can. This attack appears to be exploitable via…