4 matches found
CVE-2020-37091 Maian Support Helpdesk 4.3 - Cross-Site Request Forgery (Add Admin)
Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FA...
The vulnerability of the client request handler of the security access control system, IED Siemens RUGGEDCOM CROSSBOW, allows a perpetrator to enhance their privileges.
The vulnerability of the client request handler of the Siemens RUGGEDCOM CROSSBOW access control system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to enhance their privileges by adding user accounts to administrative groups...
CVE-2020-21139
EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site Request Forgery CSRF which allows attackers to arbitrarily add admin accounts via /admin.html?do=user&act=add...
sftnow Cross-Site Request Forgery Vulnerability
sftnow is an enterprise portal system which includes news category management, release management and permission management. A cross-site request forgery vulnerability exists in sftnow 2018-12-29 and earlier versions, which can be exploited by remote attackers to add admin accounts...