CVE-2026-40926 WWBN AVideo Vulnerable to CSRF in Admin JSON Endpoints (Category CRUD, Plugin Update Script)

WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endpoints — objects/categoryAddNew.json.php, objects/categoryDelete.json.php, and objects/pluginRunUpdateScript.json.php — enforce only a role check Category::canCreateCategory / User::isAdmin and...

CVE-2026-40926 WWBN AVideo Vulnerable to CSRF in Admin JSON Endpoints (Category CRUD, Plugin Update Script)

WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endpoints — objects/categoryAddNew.json.php, objects/categoryDelete.json.php, and objects/pluginRunUpdateScript.json.php — enforce only a role check Category::canCreateCategory / User::isAdmin and...

WWBN AVideo has Multiple CSRF Vulnerabilities in Admin JSON Endpoints (Category CRUD, Plugin Update Script)

Summary Three admin-only JSON endpoints — objects/categoryAddNew.json.php, objects/categoryDelete.json.php, and objects/pluginRunUpdateScript.json.php — enforce only a role check Category::canCreateCategory / User::isAdmin and perform state-changing actions against the database without calling...

Cross-site Request Forgery (CSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the handling of certain admin JSON endpoints, specifically categoryAddNew.json.php, categoryDelete.json.php, and...

CVE-2026-33914 OpenEMR has SQL Injection in PostCalendar Category Delete

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the PostCalendar module contains a blind SQL injection vulnerability in the categoriesUpdate administrative function. The dels POST parameter is read via...

CVE-2026-33914 OpenEMR has SQL Injection in PostCalendar Category Delete

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the PostCalendar module contains a blind SQL injection vulnerability in the categoriesUpdate administrative function. The dels POST parameter is read via...

CVE-2026-33914 OpenEMR has SQL Injection in PostCalendar Category Delete

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the PostCalendar module contains a blind SQL injection vulnerability in the categoriesUpdate administrative function. The dels POST parameter is read via...

EUVD-2008-7140

Malware in sbrugna...

GHSA-MWVQ-GC5W-M78F Cross-Site Request Forgery in JFinalCMS via /admin/category/delete

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/category/delete...

CVE-2023-49398

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/category/delete...

CVE-2023-49398

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/category/delete...

CVE-2023-49398

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/category/delete...

PT-2023-31204 · Jfinalcms · Jfinalcms

Name of the Vulnerable Software and Affected Versions: JFinalCMS version 5.0.0 Description: A Cross-Site Request Forgery CSRF issue was discovered in JFinalCMS, which can be exploited via the /admin/category/delete API endpoint. This allows an attacker to perform unauthorized actions on the...

JFinalCMS Security Vulnerability

JFinalCMS is a content management system developed by heyewei. A security vulnerability exists in JFinalCMS v5.0.0, which originates from a cross-site request forgery vulnerability in the /admin/category/delete component...

CVE-2023-48063

An issue was discovered in dreamercms 4.1.3. There is a CSRF vulnerability that can delete a theme project via /admin/category/delete...

CVE-2023-48063

An issue was discovered in dreamercms 4.1.3. There is a CSRF vulnerability that can delete a theme project via /admin/category/delete...

Dreamer CMS Security Vulnerability

Dreamer CMS is a Dreamer Content Management System by Junnan Wang, an individual developer in China. A security vulnerability exists in Dreamer CMS version 4.1.3, which stems from a cross-site request forgery CSRF vulnerability. The vulnerability can be exploited by an attacker to delete a theme...

IBOS SQL注入漏洞

IBOS is a collaborative office management system. An SQL injection vulnerability exists in IBOS OA version 4.5.5, which stems from the fact that the file ?r=article/category/del causes sql injection...

CVE-2018-15568

tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html...

tp5cms Cross-Site Request Forgery Vulnerability

tp5cms is a content management system CMS framework written in the PHP language and based on technologies such as ThinkPHP, swiper and bootstrap. A cross-site request forgery vulnerability exists in tp5cms 2017-05-25 and earlier versions. A remote attacker can exploit this vulnerability to delete...