Lucene search
K

8 matches found

Cvelist
Cvelist
added 2026/05/29 2:46 p.m.34 views

CVE-2018-25397 PHP-SHOP 1.0 Cross-Site Request Forgery via users.php

PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that automatically submits POST...

6.9CVSS0.00162EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/16 3:28 p.m.9 views

EUVD-2020-31233

bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can craft hidden forms targeting the admin user creation endpoint to add new administrative accounts...

6.9CVSS5.8AI score0.00146EPSS
Exploits0References4
CVE
CVE
added 2026/03/17 7:29 a.m.18 views

CVE-2026-4312

Affected product: DrangSoft GCB/FCB Audit Software. Vulnerability: Missing Authentication, enabling unauthenticated remote attackers to directly access APIs and create a new administrative account. Impact/risks: High impact on confidentiality, integrity, and availability as per CVSS metrics (CRIT...

9.8CVSS5.9AI score0.0045EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/03/06 3:31 p.m.4 views

EUVD-2018-21652

OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and ro...

6.9CVSS5.7AI score0.00155EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/06 9:11 a.m.52 views

CVE-2026-3589 WooCommerce < 10.5.3 - Arbitrary Admin User Creation via CSRF

The WooCommerce WordPress plugin from versions 5.4.0 to 10.5.2 does not properly handle batch requests, which could allow unauthenticated users to make a logged in admin call non store/WC REST endpoints, and create arbitrary admin users via a CSRF attack for example...

0.00126EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/18 12:0 a.m.10 views

WordPress Plugin 'LA Studio Element Kit for Elementor' < 1.6.0 Unauthenticated Privilege Escalation via Backdoor

The WordPress application running on the remote host has a version of the 'LA Studio Element Kit for Elementor' plugin that is prior to 1.6.0. It is, therefore, affected by an unauthenticated privilege escalation vulnerability. The plugin contains a backdoor that allows unauthenticated attackers ...

9.8CVSS5.9AI score0.01078EPSS
Exploits5References3
NVD
NVD
added 2026/02/03 10:16 p.m.6 views

CVE-2020-37091

Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FA...

5.3CVSS0.0015EPSS
Exploits0References3
OSV
OSV
added 2018/10/17 10:29 p.m.3 views

CVE-2018-0417

A vulnerability in TACACS authentication with Cisco Wireless LAN Controller WLC Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific...

7.8CVSS5.9AI score0.03163EPSS
Exploits0References3
Rows per page
Query Builder