Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2019-03-21 CVE-2019-6282 Cross-Site Request Forgery (CSRF) vulnerability in Chinamobileltd Gpn2.4P21-C-Cn Firmware W2001En00
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password.
network
low complexity
chinamobileltd CWE-352
8.8
2019-03-21 CVE-2018-20648 Cross-Site Request Forgery (CSRF) vulnerability in CAR Rental Script Project CAR Rental Script 2.0.8
PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php.
network
low complexity
car-rental-script-project CWE-352
8.8
2019-03-21 CVE-2018-20644 Cross-Site Request Forgery (CSRF) vulnerability in Basic B2B Script Project Basic B2B Script 2.0.9
PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature.
network
low complexity
basic-b2b-script-project CWE-352
8.8
2019-03-21 CVE-2018-20641 Cross-Site Request Forgery (CSRF) vulnerability in Entrepreneur JOB Portal Script Project Entrepreneur JOB Portal Script 3.0.1
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.
8.8
2019-03-21 CVE-2018-20633 Cross-Site Request Forgery (CSRF) vulnerability in Advance B2B Script Project Advance B2B Script 2.1.4
PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.
network
low complexity
advance-b2b-script-project CWE-352
8.8
2019-03-21 CVE-2018-19511 Cross-Site Request Forgery (CSRF) vulnerability in ENS Webgalamb 7.0
wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password.
network
low complexity
ens CWE-352
6.5
2019-03-21 CVE-2018-17996 Cross-Site Request Forgery (CSRF) vulnerability in Layerbb 1.1.2
LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_user/, and deleting content via mod/delete.php/.
network
low complexity
layerbb CWE-352
6.5
2019-03-14 CVE-2019-9787 Cross-Site Request Forgery (CSRF) vulnerability in Wordpress
WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration.
network
low complexity
wordpress CWE-352
8.8
2019-03-14 CVE-2019-9769 Cross-Site Request Forgery (CSRF) vulnerability in Kartatopia Piluscart 1.4.1
PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.
network
low complexity
kartatopia CWE-352
8.8
2019-03-12 CVE-2019-5924 Cross-Site Request Forgery (CSRF) vulnerability in Rednao Smart Forms
Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.
network
low complexity
rednao CWE-352
8.8