VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 253 of 286
  • CVE-2014-9524Jan 5, 2015
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified…

  • CVE-2014-9523Jan 5, 2015
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanced) plugin before 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or…

  • CVE-2014-9276Jan 4, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the authentication of users with…

  • CVE-2010-5320Jan 3, 2015
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a configuration action to admin.php, (2) modify articles via an articles action to…

  • CVE-2010-5319Jan 3, 2015
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in Kandidat CMS 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a validate action to admin/settings.php, (2) modify pages via the what parameter to…

  • CVE-2014-9460Jan 2, 2015
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the WP-ViperGB plugin before 1.3.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site…

  • CVE-2014-9459Jan 2, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin…

  • CVE-2014-9454Jan 2, 2015
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin before 1.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct…

  • CVE-2014-9441Jan 2, 2015
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site…

  • CVE-2014-9438Jan 2, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 allows remote attackers to hijack the authentication of administrators for requests that (1) ban a user via the username parameter in a dobanuser action to modcp/banning.php or (2)…

  • CVE-2014-9437Jan 2, 2015
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site…

  • CVE-2011-5316Jan 1, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in admin/index.php in Cambio 0.5a nightly r37 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action.

  • CVE-2011-5315Jan 1, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in admin/index.php in whCMS 0.115 alpha allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action.

  • CVE-2011-5311Jan 1, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to hijack the authentication of administrators for requests that modify pages via the data[text] parameter.

  • CVE-2011-5306Jan 1, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/setup_edit.cgi in CosmoShop ePRO 10.05.00 allows remote attackers to hijack the authentication of administrators for requests that modify settings via a setup action.

  • CVE-2011-5302Jan 1, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in adm/admin_edit.php in PHPDug 2.0.0 allows remote attackers to hijack the authentication of administrators for requests that modify credentials.

  • CVE-2011-5300Jan 1, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin_ parameters.

  • CVE-2011-5298Jan 1, 2015
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in Argyle Social 2011-04-26 allow remote attackers to hijack the authentication of administrators for requests that (1) modify credentials via the role parameter to users/create/, (2) modify rules via the terms field in…

  • CVE-2014-9431Dec 31, 2014
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the (1) admin or (2) dial password via a request to httpd/cgi-bin/changepw.cgi.

  • CVE-2014-8144Dec 31, 2014
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth authorization code via unknown vectors.