CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

PHP-SHOP 跨站请求伪造漏洞

PHP-SHOP is an online shopping system developed by joeyrush, based on PHP. Version 1.0 of PHP-SHOP has a cross-site request forgeing vulnerability. This vulnerability stems from the lack of verification of the request source, which may allow unauthenticated attackers to add administrative users...

6.9CVSS5.7AI score0.00016EPSS

Exploits0References3

NVD•added 2026/02/05 5:16 p.m.•4 views

CVE-2020-37118

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...

5.1CVSS0.00023EPSS

Exploits0References6

CVE•added 2026/02/05 4:13 p.m.•4 views

CVE-2020-37118

CVE-2020-37118 affects P5 FNIP-8x16A FNIP-4xSH 1.0.20. The vulnerability is a cross-site request forgery that can perform administrative actions without user interaction by tricking an authenticated user into loading a crafted page (e.g., adding admin users, changing passwords, modifying configs)...

5.1CVSS5.2AI score0.00023EPSS

Exploits0References6

CVE•added 2026/01/06 3:52 p.m.•3 views

CVE-2020-36906

The connected documents jointly confirm a cross-site request forgery (CSRF) vulnerability in P5 FNIP-8x16A and FNIP-4xSH devices running version 1.0.20. The root cause is a CSRF flaw that allows an attacker to trigger administrative actions without user consent by forcing an authenticated user to...

5.3CVSS6.3AI score0.00031EPSS

Exploits1References7

Positive Technologies•added 2026/01/06 12:0 a.m.•3 views

PT-2026-1441

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...

5.3CVSS6.7AI score0.00031EPSS

Exploits1References8

NVD•added 2025/12/24 8:15 p.m.•1 views

CVE-2019-25242

FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change administrator passwords, add new admin users, or open access control doors by...

5.1CVSS0.00029EPSS

Exploits2References3

CVE•added 2025/12/24 7:27 p.m.•5 views

CVE-2019-25242

The CVE covers FaceSentry Access Control System version 6.4.8, where a cross-site request forgery (CSRF) vulnerability enables an attacker to perform administrative actions without user consent by persuading an authenticated user to load a crafted page. The vulnerability targets the web interface...

5.1CVSS6.3AI score0.00029EPSS

Exploits2References3Affected Software1

Vulnrichment•added 2025/12/24 7:27 p.m.•1 views

CVE-2019-25242 FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery via Web Interface

5.1CVSS5.8AI score0.00029EPSS

Exploits2References3

Packet Storm•added 2008/05/27 12:0 a.m.•18 views

roomphplanning15-user.txt

RoomPHPlanning v1.5 remote Arbitrary Add Admin Users Vulnerability + Script download :http://www.beaussier.com/roomphplanning/telecharge.php + Founded by : Stack + Greetz : All friends & muslims HaCkeRs... DESCRIPTION: RoomPHPlanning is vulnerable to add user whit go to link see down in colon Nom...

7.4AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by