96 matches found
BIT-JOOMLA-2020-15700
An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability...
BIT-JOOMLA-2020-15695
An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability...
BIT-JOOMLA-2020-13760
In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF...
BIT-JOOMLA-2020-10241
An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to the absence of CSRF token validation. An attacker can compromise account settings and data integrity by crafting malicious requests that can trigger state-changing operations on behalf of an...
PT-2024-10907 · Unknown · Socifi Guest Wifi
Name of the Vulnerable Software and Affected Versions: Socifi Guest wifi as SAAS (affected versions not specified). Description: The issue concerns a Cross Site Request Forgery (CSRF) vulnerability via the Socifi wifi portal. The application lacks a CSRF token and request validation, allowing an...
VulnCheck KEV: CVE-2012-2626
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action...
UBUNTU-CVE-2024-34007
The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF...
PT-2024-25629 · Unknown +2 · Admin Preset Tool +2
Name of the Vulnerable Software and Affected Versions: Admin preset tool (affected versions not specified). Description: The issue is related to a CSRF risk due to the absence of a necessary token in actions within the admin preset tool. Recommendations: At the moment, there is no information about ...
PT-2024-25636 · Moodle +2 · Moodle +2
Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified). Description: The issue concerns a CSRF risk in the admin management of analytics models due to the lack of a necessary token. This could allow unauthorized actions on behalf of users. Recommendations: At...
PT-2024-40115 · Sylius · Sylius
Name of the Vulnerable Software and Affected Versions: Sylius versions 1.0.0 through 1.0.16; Sylius versions 1.1.0 through 1.1.8; Sylius versions 1.2.0 through 1.2.1. Description: The issue affects certain actions in the admin panel that did not require a CSRF token, including marking order's paymen...
CVE-2023-38315
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a try_to_authenticate NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing client token query string parameter. Triggering this issue results in crashing OpenNDS a Denial-of-Service...
CVE-2022-3372
There is a CSRF vulnerability on Netman-204 version 02.05. An attacker could manage to change administrator passwords through a Cross Site Request Forgery due to the lack of proper validation on the CSRF token. This vulnerability could allow a remote attacker to access the administrator panel,...
CVE-2023-28335
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk...
PT-2023-21658 · Moodle +6 · Moodle +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue is related to a link used to reset all templates of a database activity, which did not include the necessary token to prevent a CSRF risk. This could potentially allow...
imcat Cross-Site Request Forgery Vulnerability
Imcat is a PHP-based open source website building system. A security vulnerability exists in version 5.4 of imcat, which stems from the presence of cross-site request forgery, which can be exploited by a remote attacker to elevate privileges through the lack of token authentication...
Joomla! Cross-Site Request Forgery Vulnerability
Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! versions 4.0.0 through 4.2.6, which stems from a missing token check. An attacker can exploit this vulnerability to perform cross-site request forgery attacks...
PT-2023-32995 · Unknown · Csrfcomponent
Name of the Vulnerable Software and Affected Versions: CsrfComponent (affected versions not specified). Description: The issue is related to the CsrfComponent, which fails to invalidate requests that are missing both the CSRF token and CSRF post data. Recommendations: At the moment, there is no...
Webmin Cross-Site Request Forgery Vulnerability
Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community. Webmin version 1.973 is vulnerable to cross-site request forgery, which stems from the lack of token validation for cross-site request forgery in the scheduled Cron job function. An...
Webmin Cross-Site Request Forgery Vulnerability
Webmin is the Webmin community's set of Web-based system administration tools for Unix-like operating systems. A cross-site request forgery vulnerability exists in Webmin version 1.973, which stems from a lack of token validation for cross-site request forgery in the upload and download functions...