Lucene search
K

18 matches found

Vulnrichment
Vulnrichment
added 2026/01/29 7:2 p.m.5 views

CVE-2026-1453 Missing Authentication for Critical Function in KiloView Encoder Series

A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product...

9.8CVSS5.9AI score0.00495EPSS
Exploits0References2
NVD
NVD
added 2025/11/19 4:15 p.m.5 views

CVE-2025-63223

The Axel Technology StreamerMAX MK II devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and...

9.8CVSS0.00698EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-10052

Malware in sbrugna...

6.5CVSS6.5AI score0.00425EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-51553

Malicious code in bioql PyPI...

6.5CVSS9.1AI score0.00224EPSS
Exploits0References3
CNVD
CNVD
added 2025/09/25 12:0 a.m.4 views

E-Commerce Website Website /pages/admin_account_delete.php File SQL Injection Vulnerability

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of the userid parameter in the file /pages/adminaccountdelete.php for externally entered SQL statements. An attacker can exploit this vulnerabilit...

9.8CVSS8.2AI score0.00543EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:51 p.m.9 views

CVE-2020-8425

Cups Easy Purchase & Inventory 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php...

6.5CVSS6.9AI score0.01233EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/02/07 5:51 p.m.16 views

CVE-2024-13356

The DSGVO All in one for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6. This is due to missing or incorrect nonce validation in the userremoveform.php file. This makes it possible for unauthenticated attackers to delete admin user...

6.5CVSS6.4AI score0.00224EPSS
Exploits0References1
CVE
CVE
added 2025/02/04 9:21 a.m.57 views

CVE-2024-13356

The CVE CVE-2024-13356 affects DSGVO All in one for WP (WordPress) plugins up to version 4.6. The root cause is missing/invalid nonce validation in user_remove_form.php, enabling Cross-Site Request Forgery that can allow unauthenticated attackers to delete admin accounts if a site admin is tricke...

6.5CVSS6.5AI score0.00224EPSS
Exploits0References3Affected Software1
Exploit DB
Exploit DB
added 2023/06/13 12:0 a.m.310 views

Online Examination System Project 1.0 - Cross-site request forgery (CSRF)

Exploit Title: Online Examination System Project 1.0 - Cross-site request forgery CSRF Google Dork: n/a Date: 09/06/2023 Exploit Author: Ramil Mustafayev kryptohaker Vendor Homepage: https://github.com/projectworldsofficial/online-examination-systen-in-php Software Link:...

7.4AI score
Exploits0
CVE
CVE
added 2023/05/08 12:0 a.m.41 views

CVE-2020-22334

CVE-2020-22334 describes a CSRF vulnerability in beescms v4 that enables an attacker to delete the administrator account via a crafted request to /admin/admin_admin.php. The cited CVSS 3.1 entry (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) scores 6.5 (Medium). Exploitation details are not provided in th...

6.5CVSS6.5AI score0.00367EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/01/24 8:1 a.m.53 views

CVE-2021-25073

CVE-2021-25073 affects the WP125 WordPress plugin prior to version 1.5.5. The root cause is missing CSRF checks in multiple actions (e.g., deleting an ad), which enables an attacker to induce a logged-in administrator to perform unwanted deletions via CSRF. Documents describe an exploitation path...

8.8CVSS8.6AI score0.00683EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2021/08/30 4:4 p.m.22 views

CVE-2020-18123

A cross-site request forgery CSRF vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts...

6.5AI score0.00425EPSS
Exploits1References1
CVE
CVE
added 2021/08/30 4:4 p.m.40 views

CVE-2020-18123

The CVE-2020-18123 entries describe a CSRF vulnerability in Indexhibit 2.1.5 that allows an attacker to arbitrarily delete administrator accounts. Affected software: Indexhibit 2.1.5 (web-based CMS). Underlying issue: cross-site request forgery enabling unauthorized admin deletion. Impact: admini...

6.5CVSS6.4AI score0.00425EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2020/01/28 11:15 p.m.13 views

CVE-2020-8425

Cups Easy Purchase & Inventory 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php...

6.5CVSS6.5AI score0.01233EPSS
Exploits5References2
CVE
CVE
added 2020/01/28 10:10 p.m.98 views

CVE-2020-8425

CVE-2020-8425 affects Cups Easy (Purchase & Inventory) 1.0 web application. The vulnerability is a Cross-Site Request Forgery (CSRF) that can lead to admin account deletion via userdelete.php (and related password-reset/administration actions) as described in multiple sources. Exploitation detail...

6.5CVSS7.4AI score0.01233EPSS
Exploits5References2Affected Software1
Cvelist
Cvelist
added 2020/01/28 10:10 p.m.21 views

CVE-2020-8425

Cups Easy Purchase & Inventory 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php...

7AI score0.01233EPSS
Exploits5References2
seebug.org
seebug.org
added 2014/03/26 12:0 a.m.32 views

Discuz! X2.5 / X3 / X3.1 可CSRF删管理员账号

简要描述: 接着上次的漏洞来…… 详细说明: 上次那个漏洞: WooYun: Discuz! X2.5 / X3 / X3.1中CSRF攻击防御可被绕过 你们回复说是程序员认为不需要校验才这么设置……那这回应该算是你设计问题了吧 后台删除用户页面只是单纯做了submitcheck'submit', 1,按之前的说明,程序这里没有判断formhash,也就是说可以用于CSRF 不过利用这个漏洞前提是要管理员登陆了后台,不过这个不会很麻烦吧(比如故意加点关键字进审核然后让管理员触发神马的,实在不行还能发帖钓鱼) 漏洞证明: 发帖插入 Discuz! 代码:...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2010/01/24 12:0 a.m.29 views

SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection

Exploit Title: Silverstripe = 2.3.5 Cross Site Request Forgery & Open Redirection. Date: 12/01/10 Author: cp77fk4r | empty0pageSHIFT+2gmail.com | www.DigitalWhisper.co.il Vendor: www.silverstripe.org | Version: 2.0.0 Tested on: PHP Open Redirection: OWASP: An open redirect is an application that...

7.4AI score
Exploits0
Rows per page
Query Builder