Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,347 vulnerabilities with CWE-352

CVE-2024-40332 HIGH

idccms v1.35 - Cross-Site Request Forgery via /admin/moneyRecord_deal.php

CVE-2024-40331 HIGH

idccms v1.35 - Cross-Site Request Forgery via /admin/dbBakMySQL_deal.php

CVE-2024-40334 HIGH

idccms v1.35 - Cross-Site Request Forgery via /admin/serverFile_deal.php

CVE-2024-40329 HIGH

idccms v1.35 - Cross-Site Request Forgery via /admin/softBak_deal.php

CVE-2024-40328 MEDIUM

idccms v1.35 - Cross-Site Request Forgery via /admin/memberOnline_deal.php

CVE-2024-28828 HIGH

Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, <= 2.0.0p39 - Cross-Site Request Forgery

CVE-2024-3798 HIGH

Phoniebox <=2.7 - Command Execution via file GET Parameter

CVE-2024-36452 LOW

Webmin < 2.003 - Cross-Site Request Forgery in ajaxterm Module

CVE-2024-39063 HIGH

LimeSurvey <= 6.5.12 - Cross-Site Request Forgery via GET Request

CVE-2024-40039 HIGH

idccms v1.35 - Cross-Site Request Forgery via /admin/userGroup_deal.php

CVE-2024-40038 MEDIUM

idccms v1.35 - Cross-Site Request Forgery via /admin/userScore_deal.php?mudi=rev

CVE-2024-40037 HIGH

idccms v1.35 - Cross-Site Request Forgery via /admin/userScore_deal.php

CVE-2024-40035 MEDIUM

idccms v1.35 - Cross-Site Request Forgery via /admin/userLevel_deal.php

CVE-2024-40034 HIGH

idccms v1.35 - Cross-Site Request Forgery via /admin/userLevel_deal.php

CVE-2024-27783 HIGH

Fortinet FortiAIOps 2.0.0 - Cross-Site Request Forgery via Malicious GET Requests

CVE-2024-6168 MEDIUM

Just Custom Fields <= 3.3.2 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-4100 MEDIUM

Pricing Table <= 2.0.1 - Cross-Site Request Forgery via ajax() Function

CVE-2024-6321 HIGH

ScrollTo Bottom <= 1.1.1 - Cross-Site Request Forgery to Arbitrary File Upload via options_page Function

CVE-2024-6320 HIGH

ScrollTo Top <= 1.2.2 - Unauthenticated Arbitrary File Upload via CSRF in options_page

CVE-2024-6317 HIGH

Contact Form 7 <= 4.1.2 - Unauthenticated CSRF to Arbitrary File Deletion

CVE-2024-6316 HIGH

Contact Form 7 <= 4.1.2 - Unauthenticated CSRF to Arbitrary File Upload

CVE-2024-6310 HIGH

Advanced AJAX Page Loader <2.7.7 - CSRF

CVE-2024-6309 HIGH

Attachment File Icons (AF Icons) <= 1.3 - Unauthenticated Arbitrary File Upload via CSRF

CVE-2024-37923 MEDIUM

Cliengo - Chatbot <= 3.0.4 - Cross-Site Request Forgery

CVE-2024-40603 MEDIUM

MediaWiki < 1.42.1 - Cross-Site Request Forgery via Special:ChangeRating

Previous Page 120 of 374 Next

Details

Vulnerabilities 9,347

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy