Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2019-03-12 CVE-2019-5924 Cross-Site Request Forgery (CSRF) vulnerability in Rednao Smart Forms
Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.
network
low complexity
rednao CWE-352
8.8
8.8
2019-03-12 CVE-2019-5920 Cross-Site Request Forgery (CSRF) vulnerability in Ncrafts Formcraft
Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.
network
ncrafts CWE-352
6.8
6.8
2019-03-11 CVE-2019-9688 Cross-Site Request Forgery (CSRF) vulnerability in Sftnow
sftnow through 2018-12-29 allows index.php?g=Admin&m=User&a=add_post CSRF to add an admin account.
network
sftnow CWE-352
6.8
6.8
2019-03-11 CVE-2019-9652 Cross-Site Request Forgery (CSRF) vulnerability in Sdcms 1.7
There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request.
network
sdcms CWE-352
6.8
6.8
2019-03-07 CVE-2019-9598 Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.1
An issue was discovered in Cscms 4.1.0.
network
chshcms CWE-352
4.3
4.3
2019-03-07 CVE-2019-8437 Cross-Site Request Forgery (CSRF) vulnerability in Njiandan-Cms Project Njiandan-Cms 20130522/20130523
njiandan-cms through 2013-05-23 has index.php/admin/user_new CSRF to add an administrator. 		6.8
6.8
2019-03-07 CVE-2019-6710 Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Nbg-418N Firmware 1.00(Aaxm.6)C0
Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF.
network
zyxel CWE-352
6.8
6.8
2019-03-07 CVE-2018-18449 Cross-Site Request Forgery (CSRF) vulnerability in Phome Empirecms 7.5
EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339.
network
phome CWE-352
6.8
6.8
2019-03-07 CVE-2018-17429 Cross-Site Request Forgery (CSRF) vulnerability in Jtbc 3.0
/console/account/manage.php?type=action&action=add in JTBC v3.0(C) has CSRF for adding an administrator account.
network
jtbc CWE-352
6.8
6.8
2019-03-07 CVE-2019-9625 Cross-Site Request Forgery (CSRF) vulnerability in Directadmin 1.55
JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to create a new admin account. 		6.8
6.8