5 matches found
CVE-2026-29788
The CVE affects TSPortal (WikiTide Foundation) prior to version 30, where converting empty strings to null allowed disguising DPA reports as self-deletion reports. Root cause is the faulty normalization of empty fields in the report handling flow. Impact described includes confidentiality/availab...
CVE-2015-1874
Cross-site request forgery CSRF vulnerability in the Contact Form DB aka CFDB and contact-form-7-to-database-extension plugin before 2.8.32 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete all plugin records via a request in the...
CVE-2013-5954
Multiple cross-site request forgery CSRF vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete 1 users via admin/agency-user-unlink.php, 2 advertisers via admin/advertiser-delete.php, 3 banners via...
CVE-2012-2080
Cross-site request forgery CSRF vulnerability in the Node Limit Number module before 6.x-1.2 for Drupal allows remote attackers to hijack the authentication of users with the administer node limitnumber permission for requests that delete limits...
Plague News System 0.7 - delete.php Access Restriction Bypass
Plague News System 0.7 - delete.php Access Restriction Bypass source: https://www.securityfocus.com/bid/14139/info Plague News System is prone to an access restriction bypass vulnerability. The issue exists due to a lack of sanity checks performed by 'delete.php' on deletion requests passed to th...