Vulnerabilities > Cross-Site Request Forgery (CSRF)

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-12-20 | CVE-2018-1661 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Datapower Gateway | IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | network | low complexity | ibm | CWE-352 | 8.8 |
| 2018-12-19 | CVE-2018-20231 | Cross-Site Request Forgery (CSRF) vulnerability in Simbahosting Two-Factor-Authentication | Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation. | network | low complexity | simbahosting | CWE-352 | 8.8 |
| 2018-12-18 | CVE-2018-19829 | Cross-Site Request Forgery (CSRF) vulnerability in Artica Integria IMS 5.0.83 | Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known. | network | low complexity | artica | CWE-352 | 6.5 |
| 2018-12-18 | CVE-2018-18921 | Cross-Site Request Forgery (CSRF) vulnerability in PHPservermonitor PHP Server Monitor | PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action. | network | low complexity | phpservermonitor | CWE-352 | 6.5 |
| 2018-12-17 | CVE-2018-20188 | Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4.3 | FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account. | network | low complexity | thedaylightstudio | CWE-352 | 8.8 |
| 2018-12-17 | CVE-2018-18246 | Cross-Site Request Forgery (CSRF) vulnerability in Icinga web 2 | Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module. | network | low complexity | icinga | CWE-352 | 6.5 |
| 2018-12-12 | CVE-2018-1926 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. | network | low complexity | ibm | CWE-352 | 8.8 |
| 2018-12-11 | CVE-2018-19969 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin | phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. | network | low complexity | phpmyadmin | CWE-352 | 8.8 |
| 2018-12-10 | CVE-2018-20015 | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 5.2 | YzmCMS v5.2 has admin/role/add.html CSRF. | network | low complexity | yzmcms | CWE-352 | 8.8 |
| 2018-12-06 | CVE-2018-19923 | Cross-Site Request Forgery (CSRF) vulnerability in Sales & Company Management System Project Sales & Company Management System 20180606 | An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. | | | | | 8.8 |