Lucene search

4 matches found

ATTACKERKB
added 2026/04/28 11:41 a.m., 2 views

CVE-2026-5779

An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the information of other registered users. Successful exploitation of this vulnerability allows an...

CVSS 9.4 | AI score 5.3 | EPSS 0.0005
Exploits 0 | References 2 | Affected Software 1
Prion
added 2015/01/02 7:59 p.m., 17 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 allows remote attackers to hijack the authentication of administrators for requests that (1) ban a user via the username parameter in a dobanuser action to modcp/banning.php or (2) unban a user, (3) modify...

CVSS 6.8 | AI score 7.6 | EPSS 0.00123
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2015/01/02 7:0 p.m., 17 views

CVE-2014-9438

Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 allows remote attackers to hijack the authentication of administrators for requests that (1) ban a user via the username parameter in a dobanuser action to modcp/banning.php or (2) unban a user, (3) modify...

AI score 7.1 | EPSS 0.00123
Exploits 1 | References 3
CVE
added 2009/09/14 2:0 p.m., 43 views

CVE-2008-7221

RunCMS 1.6.1 is affected by a CSRF vulnerability that lets remote attackers hijack administrator sessions by sending crafted requests to system/admin.php, enabling (1) addition of new administrators or (2) modification of user profiles. The vulnerability is triggered through authenticated admin a...

CVSS 6.8 | AI score 7.2 | EPSS 0.00195
Exploits 0 | References 2 | Affected Software 1