245 matches found
CVE-2008-0723
Cross-site scripting XSS vulnerability in mynews.inc.php in MyNews 1.6.4, and other earlier 1.6.x versions, allows remote attackers to inject arbitrary web script or HTML via the hash parameter in an admin action to index.php, a different vulnerability than CVE-2006-2208.1...
Search API Solr - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-046
This module provides support for creating searches using the Apache Solr search engine and the Search API Drupal module. The module doesn't sufficiently protect certain routes from CSRF attacks. This vulnerability is mitigated by the fact that a site admin would have to perform further steps afte...
CVE-2024-6860
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack...
CVE-2024-6857
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its Header, Footer and Body Script Settings, which could allow attackers to make logged admins perform such action via a CSRF attack...
CVE-2024-13449
The Boom Fest plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'bfadminaction' function in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to updat...
CVE-2024-12005
The WP-BibTeX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the wpbibtexoptionpage function. This makes it possible for unauthenticated attackers to inject malicious web scripts...
CVE-2024-57611
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery CSRF via admin/doAdminAction.php?act=editShop&shopId...
CVE-2024-12946
A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. This issue affects some unknown processing of the file /admin/adminaction.php. The manipulation of the argument adminusername leads to sql injection. The attack may be...
CVE-2024-12940
A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/studentaction.php. The manipulation of the argument studentid leads to sql injection. The attack can be initiated...
PT-2024-17811 · Unknown · 1000 Projects Attendance Tracking Management System
Name of the Vulnerable Software and Affected Versions: 1000 Projects Attendance Tracking Management System version 1.0 Description: A critical vulnerability has been found in the 1000 Projects Attendance Tracking Management System. This issue affects unknown code of the file /admin/student...
PT-2024-17817 · Unknown · 1000 Projects Attendance Tracking Management System
Name of the Vulnerable Software and Affected Versions: 1000 Projects Attendance Tracking Management System version 1.0 Description: A critical issue has been found in the 1000 Projects Attendance Tracking Management System, affecting some unknown processing of the file /admin/admin action.php. Th...
CVE-2024-5030
The CM Table Of Contents WordPress plugin before 1.2.3 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin perform such action via a CSRF attack...
CVE-2024-50966
dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery CSRF via the component /admin/doAdminAction.php?act=addAdmin...
PT-2024-34476 · Unknown · Dingfanzu Cms
Name of the Vulnerable Software and Affected Versions: dingfanzu CMS version 1.0 Description: The issue is related to a Cross-Site Request Forgery CSRF in the /admin/doAdminAction.php?act=addAdmin component. This allows for attacker-controlled admin creation, resulting in unauthorized privileged...
dingfanzu 安全漏洞
dingfanzu is a php based takeaway ordering website by gk2007 individual developer. A security vulnerability exists in dingfanzu version V1.0, which originates from the /admin/doAdminAction.php?act=addAdmin component that contains a cross-site request forgery vulnerability...
CVE-2024-50966
dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery CSRF via the component /admin/doAdminAction.php?act=addAdmin...
CVE-2024-50966
CVE-2024-50966 affects dingfanzu CMS v1.0 via the /admin/doAdminAction.php?act=addAdmin endpoint, where a CSRF flaw allows attacker-controlled creation of admin accounts, yielding unauthorized privileged access. Root cause: CSRF in admin-action handling. Impact: high confidentiality and integrity...
CVE-2024-48291
dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery CSRF via /admin/doAdminAction.php?act=editAdmin&id=17...
CVE-2024-48291
dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery CSRF via /admin/doAdminAction.php?act=editAdmin&id=17...
CVE-2024-48191
dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery CSRF via the component /admin/doAdminAction.php?act=delAdmin&id=17...