Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2019-02-15 CVE-2019-0267 Cross-Site Request Forgery (CSRF) vulnerability in SAP Manufacturing Integration and Intelligence 15.0/15.1/15.2
SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens.
network
low complexity
sap CWE-352
8.8
8.8
2019-02-15 CVE-2019-8347 Cross-Site Request Forgery (CSRF) vulnerability in Beescms 4.0
BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via the admin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=user URI.
network
low complexity
beescms CWE-352
8.8
8.8
2019-02-11 CVE-2019-7738 Cross-Site Request Forgery (CSRF) vulnerability in C.P.Sub Project C.P.Sub 5.1/5.2
C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI.
network
low complexity
c-p-sub-project CWE-352
6.5
6.5
2019-02-11 CVE-2019-7737 Cross-Site Request Forgery (CSRF) vulnerability in Verydows 2.0
A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit.
network
low complexity
verydows CWE-352
8.8
8.8
2019-02-11 CVE-2019-7730 Cross-Site Request Forgery (CSRF) vulnerability in Mywebsql 3.7
MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI.
network
low complexity
mywebsql CWE-352
5.7
5.7
2019-02-11 CVE-2018-20780 Cross-Site Request Forgery (CSRF) vulnerability in Traq 3.7.1
Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1).
network
low complexity
traq CWE-352
8.8
8.8
2019-02-07 CVE-2019-7570 Cross-Site Request Forgery (CSRF) vulnerability in Pbootcms 1.3.6
A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI.
network
low complexity
pbootcms CWE-352
6.5
6.5
2019-02-07 CVE-2019-7569 Cross-Site Request Forgery (CSRF) vulnerability in Wdoyo Doyo 2.3
An issue was discovered in DOYO (aka doyocms) 2.3(20140425 update).
network
low complexity
wdoyo CWE-352
8.8
8.8
2019-02-07 CVE-2019-7566 Cross-Site Request Forgery (CSRF) vulnerability in Cszcms CSZ CMS 1.1.8
CSZ CMS 1.1.8 has CSRF via admin/users/new/add.
network
low complexity
cszcms CWE-352
8.8
8.8
2019-02-06 CVE-2019-1003022 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Monitoring 1.73.0/1.73.1/1.74.0
A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master.
network
low complexity
jenkins CWE-352
6.5
6.5