Lucene search
+L

245 matches found

RedhatCVE
RedhatCVE
added 2025/05/21 10:47 p.m.8 views

CVE-2008-0723

Cross-site scripting XSS vulnerability in mynews.inc.php in MyNews 1.6.4, and other earlier 1.6.x versions, allows remote attackers to inject arbitrary web script or HTML via the hash parameter in an admin action to index.php, a different vulnerability than CVE-2006-2208.1...

4.3CVSS5.8AI score0.01867EPSS
Exploits2References1
Drupal
Drupal
added 2025/04/23 12:0 a.m.44 views

Search API Solr - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-046

This module provides support for creating searches using the Apache Solr search engine and the Search API Drupal module. The module doesn't sufficiently protect certain routes from CSRF attacks. This vulnerability is mitigated by the fact that a site admin would have to perform further steps afte...

4.3CVSS6.8AI score0.0014EPSS
Exploits0References2
OSV
OSV
added 2025/04/09 6:15 a.m.4 views

CVE-2024-6860

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack...

4.3CVSS7.3AI score
Exploits0References1
OSV
OSV
added 2025/04/09 6:15 a.m.5 views

CVE-2024-6857

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its Header, Footer and Body Script Settings, which could allow attackers to make logged admins perform such action via a CSRF attack...

4.3CVSS7.3AI score0.00185EPSS
Exploits1References1
OSV
OSV
added 2025/01/25 9:15 a.m.4 views

CVE-2024-13449

The Boom Fest plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'bfadminaction' function in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to updat...

4.3CVSS7.3AI score
Exploits0References3
OSV
OSV
added 2025/01/21 10:15 a.m.4 views

CVE-2024-12005

The WP-BibTeX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the wpbibtexoptionpage function. This makes it possible for unauthenticated attackers to inject malicious web scripts...

6.1CVSS5.7AI score0.00178EPSS
Exploits0References4
OSV
OSV
added 2025/01/16 4:15 p.m.2 views

CVE-2024-57611

07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery CSRF via admin/doAdminAction.php?act=editShop&shopId...

3.5CVSS5.8AI score0.00149EPSS
Exploits1References1
OSV
OSV
added 2024/12/26 10:15 a.m.3 views

CVE-2024-12946

A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. This issue affects some unknown processing of the file /admin/adminaction.php. The manipulation of the argument adminusername leads to sql injection. The attack may be...

9.8CVSS5.8AI score0.00572EPSS
Exploits1References5
OSV
OSV
added 2024/12/26 7:15 a.m.5 views

CVE-2024-12940

A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/studentaction.php. The manipulation of the argument studentid leads to sql injection. The attack can be initiated...

9.8CVSS5.8AI score0.0065EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/12/26 12:0 a.m.9 views

PT-2024-17811 · Unknown · 1000 Projects Attendance Tracking Management System

Name of the Vulnerable Software and Affected Versions: 1000 Projects Attendance Tracking Management System version 1.0 Description: A critical vulnerability has been found in the 1000 Projects Attendance Tracking Management System. This issue affects unknown code of the file /admin/student...

9.8CVSS8AI score0.0065EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2024/12/26 12:0 a.m.8 views

PT-2024-17817 · Unknown · 1000 Projects Attendance Tracking Management System

Name of the Vulnerable Software and Affected Versions: 1000 Projects Attendance Tracking Management System version 1.0 Description: A critical issue has been found in the 1000 Projects Attendance Tracking Management System, affecting some unknown processing of the file /admin/admin action.php. Th...

9.8CVSS7.9AI score0.00572EPSS
Exploits1References15
OSV
OSV
added 2024/11/18 6:15 a.m.5 views

CVE-2024-5030

The CM Table Of Contents WordPress plugin before 1.2.3 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin perform such action via a CSRF attack...

3.8CVSS5.8AI score0.00194EPSS
Exploits1References1
OSV
OSV
added 2024/11/08 4:15 p.m.3 views

CVE-2024-50966

dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery CSRF via the component /admin/doAdminAction.php?act=addAdmin...

9.3CVSS5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/08 12:0 a.m.10 views

PT-2024-34476 · Unknown · Dingfanzu Cms

Name of the Vulnerable Software and Affected Versions: dingfanzu CMS version 1.0 Description: The issue is related to a Cross-Site Request Forgery CSRF in the /admin/doAdminAction.php?act=addAdmin component. This allows for attacker-controlled admin creation, resulting in unauthorized privileged...

9.3CVSS6.9AI score0.00254EPSS
Exploits1References6
CNNVD
CNNVD
added 2024/11/08 12:0 a.m.7 views

dingfanzu 安全漏洞

dingfanzu is a php based takeaway ordering website by gk2007 individual developer. A security vulnerability exists in dingfanzu version V1.0, which originates from the /admin/doAdminAction.php?act=addAdmin component that contains a cross-site request forgery vulnerability...

9.3CVSS6.7AI score0.00254EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/11/08 12:0 a.m.13 views

CVE-2024-50966

dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery CSRF via the component /admin/doAdminAction.php?act=addAdmin...

7.5AI score0.00254EPSS
Exploits1References1
CVE
CVE
added 2024/11/08 12:0 a.m.92 views

CVE-2024-50966

CVE-2024-50966 affects dingfanzu CMS v1.0 via the /admin/doAdminAction.php?act=addAdmin endpoint, where a CSRF flaw allows attacker-controlled creation of admin accounts, yielding unauthorized privileged access. Root cause: CSRF in admin-action handling. Impact: high confidentiality and integrity...

9.3CVSS7.6AI score0.00254EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/10/28 3:15 p.m.5 views

CVE-2024-48291

dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery CSRF via /admin/doAdminAction.php?act=editAdmin&id=17...

6.3CVSS5.8AI score0.0017EPSS
Exploits1References1
NVD
NVD
added 2024/10/28 3:15 p.m.26 views

CVE-2024-48291

dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery CSRF via /admin/doAdminAction.php?act=editAdmin&id=17...

6.3CVSS0.0017EPSS
Exploits1References1
OSV
OSV
added 2024/10/28 2:15 p.m.4 views

CVE-2024-48191

dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery CSRF via the component /admin/doAdminAction.php?act=delAdmin&id=17...

6.3CVSS5.8AI score0.00174EPSS
Exploits1References1
Rows per page
Query Builder