Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-27 | CVE-2020-21236 | Cross-Site Request Forgery (CSRF) vulnerability in Damicms 6.0.0 A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie. | 8.8 |
| 2021-12-27 | CVE-2020-20943 | Cross-Site Request Forgery (CSRF) vulnerability in Qibosoft 7.0 A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL. | 4.3 |
| 2021-12-27 | CVE-2020-20945 | Cross-Site Request Forgery (CSRF) vulnerability in Qibosoft 7.0 A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts. | 8.8 |
| 2021-12-22 | CVE-2020-20593 | Cross-Site Request Forgery (CSRF) vulnerability in Rockoa 1.9.8 A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account. | 8.0 |
| 2021-12-22 | CVE-2020-20595 | Cross-Site Request Forgery (CSRF) vulnerability in Opms Project Opms 1.3 A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a user account via /user/add. | 6.5 |
| 2021-12-22 | CVE-2021-36886 | Cross-Site Request Forgery (CSRF) vulnerability in Ciphercoin Contact Form 7 Database Addon Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9). | 8.8 |
| 2021-12-22 | CVE-2021-43156 | Cross-Site Request Forgery (CSRF) vulnerability in Projectworlds Online Book Store Project in PHP 1.0 In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book. | 6.5 |
| 2021-12-22 | CVE-2021-43158 | Cross-Site Request Forgery (CSRF) vulnerability in Projectworlds Online Shopping System in PHP 1.0 In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart. | 4.3 |
| 2021-12-20 | CVE-2021-36887 | Cross-Site Request Forgery (CSRF) vulnerability in Tarteaucitron.Js - Cookies Legislation & Gdpr Project Tarteaucitron.Js - Cookies Legislation & Gdpr Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.5.4), vulnerable parameters "tarteaucitronEmail" and "tarteaucitronPass". | 8.8 |
| 2021-12-16 | CVE-2021-26800 | Cross-Site Request Forgery (CSRF) vulnerability in User Management System in PHP Stored Procedure Project User Management System in PHP Stored Procedure 1.0 Cross Site Request Forgery (CSRF) vulnerability in Change-password.php in phpgurukul user management system in php using stored procedure V1.0, allows attackers to change the password to an arbitrary account. | 6.5 |