96 matches found
PT-2020-14590 · Open Source Matters · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.9.19 and earlier. Description: A missing token check in the remove request section of com_privacy causes a CSRF issue. Recommendations: For versions 3.9.19 and earlier, update to a version that includes the fix for the missi...
Joomla! cross-site request forgery vulnerability (CNVD-2020-41803)
Joomla! is an open-source, cross-platform content management system (CMS) developed by the U.S. Open Source Matters team using PHP and MySQL. A security vulnerability exists in Joomla! versions prior to 3.9.19, which stems from a missing token check in com_postinstall. The vulnerability can...
Cross site request forgery (csrf)
In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF...
CVE-2020-12257
rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks implementation of CSRF protection such as a CSRF token. An attacker can leverage this vulnerability by creating a form to add a user, delete a user, or edit a user...
[20200703] - Core - CSRF in com_privacy remove-request feature
A missing token check in the remove request section of com_privacy causes a CSRF vulnerability...
CVE-2020-10241
An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF...
CVE-2020-8419
An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities...
Joomla 3.2.x < 3.9.13 Multiple Vulnerabilities (5780-joomla-3-9-13)
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.2.x prior to 3.9.13. It is, therefore, affected by multiple vulnerabilities. - An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability...
CVE-2019-18650
An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability...
[20191001] - Core - CSRF in com_template overrides view
A missing token check in com_template causes a CSRF vulnerability...
CVE-2018-19525
An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1TRUNK-20180914.bin devices. There is CSRF via /ui/?g=objkeywordsadd and /ui/?g=objkeywordsaddsave with resultant XSS because of a lack of csrf token validation...
phpMyFAQ Cross-Site Request Forgery Vulnerability (CNVD-2018-17637)
phpMyFAQ is an open-source, fully database-driven FAQ (question-and-answer) system developed by the phpMyFAQ team. The system supports multiple languages, multiple databases, etc., and includes modules such as content management system and community. A cross-site request forgery vulnerability exists...
CSRF Vulnerability in Cicada CMS 6.2
Cicada Knowledge Enterprise Portal System is an open-source, free enterprise portal system. A CSRF vulnerability exists in Cicada Knowledge CMS version 6.2. The vulnerability stems from the lack of token validation on the background page of Cicada Knowledge CMS, which leads to the triggering of...
CSRF (Cross-Site Request Forgery) Vulnerability in Add Administrator of Rice Shell Enterprise Website Builder 2016 Official Version
Rice Shell Enterprise Building System is an enterprise website building and content management system. A CSRF (cross-site request forgery) vulnerability exists in the Add Administrator function of Rice Shell Enterprise Website Builder System 2016 Official Version. As the packet of the add administrator operation is not token...
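phpyun CSRF to change user password
Brief description: phpyun CSRF to change user password. Details: The request that updates user information has no CSRF defense, so the user's email address can be changed. The password reset function sends the recovery verification code to the email address stored in the user's information. The two can be combined. The request that modifies user information is:...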