130 matches found
Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF)
In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery CSRF attacks, where an unaware user can unintentionally perform sensitive actions by simply...
GHSA-P5VX-9HJ8-CF4H Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF)
In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery CSRF attacks, where an unaware user can unintentionally perform sensitive actions by simply...
CVE-2024-7035
In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery CSRF attacks, where an unaware user can unintentionally perform sensitive actions by simply...
CVE-2024-7035 Cross-Site Request Forgery (CSRF) in open-webui/open-webui
In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery CSRF attacks, where an unaware user can unintentionally perform sensitive actions by simply...
CVE-2024-7035 Cross-Site Request Forgery (CSRF) in open-webui/open-webui
In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery CSRF attacks, where an unaware user can unintentionally perform sensitive actions by simply...
CVE-2024-7035
The CVE-2024-7035 issue affects open-webui/open-webui (v0.3.8). The underlying problem is CSRF because sensitive actions (delete/reset) are invoked via GET requests. Affected endpoints include /rag/api/v1/reset, /rag/api/v1/reset/db, /api/v1/memories/reset, and /rag/api/v1/reset/uploads, impactin...
CVE-2024-7035 Cross-Site Request Forgery (CSRF) in open-webui/open-webui
In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery CSRF attacks, where an unaware user can unintentionally perform sensitive actions by simply...
PT-2025-7190 · Unknown · Shambhu Patnaik Rss Filter
Name of the Vulnerable Software and Affected Versions: Shambhu Patnaik RSS Filter versions n/a through 1.2 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
PT-2024-36274 · Unknown · Phuc Pham Multiple Admin Emails
Name of the Vulnerable Software and Affected Versions: Phuc Pham Multiple Admin Emails versions n/a through 1.0 Description: The issue is related to a Cross-Site Request Forgery CSRF problem, which allows for Cross Site Request Forgery. This affects the multiple admin emails functionality...
PT-2024-33431 · Unknown · Cooked Pro
Name of the Vulnerable Software and Affected Versions: Cooked Pro versions prior to 1.8.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Cross Site Request Forgery. This problem involves CSRF attacks. Recommendations: For versions prior to 1.8.0, update to...
Kashipara Music Management System 安全漏洞
Kashipara Music Management System is a music management system from Kashipara. A cross-site request forgery vulnerability exists in Kashipara Music Management System v1.0, which can be exploited by an attacker to spoof a malicious request and trick a victim into clicking on it to perform a...
Kashipara Hotel Management System 安全漏洞
Kashipara Hotel Management System is a hotel management system from Kashipara. A cross-site request forgery vulnerability exists in Kashipara Hotel Management System v1.0, which can be exploited by an attacker to forge a malicious request and trick a victim into clicking on it to perform a...
Kliqqi CMS 安全漏洞
Kliqqi CMS Pligg CMS is Kliqqi open source a content management system . Kliqqi CMS v2.0.2 version of the cross-site request forgery vulnerability , the vulnerability stems from /admin/adminbackup.php?dobackup=avatars do not adequately verify that the request is from a trusted user , an attacker...
Warehouse Inventory System 安全漏洞
Warehouse Inventory System is a Warehouse Inventory Management System by Siamon Hasan Personal Developer. A cross-site request forgery vulnerability exists in Warehouse Inventory System v2.0, which stems from the editproduct.php component not adequately verifying that a request comes from a trust...
SUSE CVE-2024-4215
pgAdmin = 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account's username and password may authenticate to the application and perform sensitive actions within the application, such as managing files an...
CVE-2024-4215 The Multi Factor Authentication bypass vulnerability in pgAdmin 4
pgAdmin = 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within the application, such as managing files an...
CVE-2024-4215 The Multi Factor Authentication bypass vulnerability in pgAdmin 4
pgAdmin = 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within the application, such as managing files an...
PT-2024-9759
Name of the Vulnerable Software and Affected Versions pgAdmin versions = 8.5 Description The issue exists due to the incorrect implementation of multi-factor authentication in the pgAdmin database management tool. This allows a remote attacker to gain unauthorized access to the application and...
PT-2024-12695 · Unknown · Com.Evenwell.Fqc
Name of the Vulnerable Software and Affected Versions: com.evenwell.fqc version 9.0208.01 com.evenwell.fqc version 9.0209.13 com.evenwell.fqc version 9.0212.03 Description: The vulnerability in the com.evenwell.fqc app allows local third-party apps to execute arbitrary shell commands in its conte...
WordPress Plugin LifterLMS 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...