CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,378 vulnerabilities with CWE-352
CVE-2019-9625 HIGH
DirectAdmin 1.55 - Cross-Site Request Forgery via CMD_ACCOUNT_ADMIN URI
CVSS 8.8
CVE-2019-9603 MEDIUM
MiniCMS 1.10 - Cross-Site Request Forgery via Article Deletion
CVSS 6.5
CVE-2019-6561 HIGH
Moxa IKS-G6824A Firmware < 4.5 and EDS Firmware < 3.8 - Cross-Site Request Forgery
CVSS 8.8
CVE-2019-9549 HIGH
PopojiCMS v2.0.1 - Cross-Site Request Forgery via User Addition Endpoint
CVSS 8.8
CVE-2019-9182 HIGH
ZZZCMS zzzphp V1.6.1 - Cross-Site Request Forgery via admin015/save.php
CVSS 8.8
CVE-2019-9062 HIGH
PHP Scripts Mall Online Food Ordering Script 1.0 - Cross-Site Request Forgery in my-account.php
CVSS 8.0
CVE-2019-9052 MEDIUM
Pluck 4.7.9-dev1 - Cross-Site Request Forgery via Image Deletion Endpoint
CVSS 6.5
CVE-2019-9051 MEDIUM
Pluck 4.7.9-dev1 - Cross-Site Request Forgery via Article Deletion Endpoint
CVSS 6.5
CVE-2019-9049 MEDIUM
Pluck 4.7.9-dev1 - Cross-Site Request Forgery via Module Delete URI
CVSS 6.5
CVE-2019-9048 MEDIUM
Pluck 4.7.9-dev1 - Cross-Site Request Forgery via Theme Delete URI
CVSS 6.5
CVE-2019-9040 HIGH
S-CMS PHP v3.0 - Cross-Site Request Forgery via Admin User Addition
CVSS 8.8
CVE-2019-8910 HIGH
WTCMS 1.0 - Cross-Site Request Forgery via Site Settings Endpoint
CVSS 8.8
CVE-2019-8902 MEDIUM
idreamsoft iCMS < 7.0.14 - Cross-Site Request Forgery via public/api.php?app=user URI
CVSS 5.7
CVE-2019-0267 HIGH
SAP Manufacturing Integration and Intelligence 15.0-15.2 - Cross-Site Request Forgery in Illuminator Servlet
CVSS 8.8
CVE-2019-8347 HIGH
BEESCMS 4.0 - Cross-Site Request Forgery via Admin Member Addition
CVSS 8.8
CVE-2019-7738 MEDIUM
C.P.Sub < 5.3 - Cross-Site Request Forgery via manage.php Article Deletion
CVSS 6.5
CVE-2019-7737 HIGH
Verydows 2.0 - Cross-Site Request Forgery via Admin Account Addition
CVSS 8.8
CVE-2019-7730 MEDIUM
MyWebSQL 3.7 - Cross-Site Request Forgery via Database Deletion URI
CVSS 5.7
CVE-2019-7570 MEDIUM
PbootCMS 1.3.6 - Cross-Site Request Forgery via User Deletion Endpoint
CVSS 6.5
CVE-2019-7569 HIGH
doyo 2.3 - Cross-Site Request Forgery via Admin User Addition
CVSS 8.8
CVE-2019-7566 HIGH
CSZ CMS 1.1.8 - Cross-Site Request Forgery via Admin User Addition
CVSS 8.8
CVE-2019-1003022 MEDIUM
Jenkins Monitoring Plugin <1.74.0 - DoS
CVSS 6.5
CVE-2019-1003017 MEDIUM
Jenkins Job Import Plugin <3.0 - Privilege Escalation
CVSS 5.3
CVE-2019-1003016 HIGH
Jenkins Job Import Plugin <2.1 - Info Disclosure
CVSS 8.8
CVE-2019-1003012 MEDIUM
Jenkins Blue Ocean Plugins <1.10.1 - RCE
CVSS 6.5
Details
Vulnerabilities 9,378
Exploit Likelihood Medium