55973 matches found
CVE-2020-24847
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in pageconfigadv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticate...
CVE-2020-24641
In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately gain administrative...
CVE-2020-24700
OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring...
CVE-2020-24142
Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hos...
CVE-2020-24130
A cross site request forgery (CSRF) vulnerability in the configure.html component of Ponzu 0.11.0 allows attackers to change user and administrator credentials, and add or delete administrator accounts...
CVE-2020-24147
Server-side request forgery (SSR) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.0 for WordPress via the file field...
CVE-2020-24327
Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites...
CVE-2020-24710
Gophish before 0.11.0 allows SSRF attacks...
CVE-2020-17901
Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user...
CVE-2024-34958
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/bannerdeal.php?mudi=add...
CVE-2024-41305
A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...
CVE-2024-41602
Cross Site Request Forgery vulnerability in Spina CMS v.2.18.0 and before allows a remote attacker to escalate privileges via a crafted URL...
CVE-2024-41570
An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server...
CVE-2024-41603
Spina CMS v2.18.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the URI /admin/layout...
CVE-2024-39153
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infodeal.php?mudi=del=news...
CVE-2024-39090
The PHPGurukul Online Shopping Portal Project version 2.0 contains a vulnerability that allows Cross-Site Request Forgery (CSRF) to lead to Stored Cross-Site Scripting (XSS). An attacker can exploit this vulnerability to execute arbitrary JavaScript code in the context of a user's session, potentiall...
CVE-2024-39063
Lime Survey = 6.5.12 is vulnerable to Cross Site Request Forgery (CSRF). The YIICSRFTOKEN is only checked when passed in the body of POST requests, but the same check isn't performed in the equivalent GET requests...
CVE-2024-39023
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/infodeal.php?mudi=add=close...
CVE-2024-39157
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecorddeal.php?mudi=del==1...
CVE-2024-39154
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWorddeal.php?mudi=del=word...