Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-1325

Summary
Assigner-jpcert
Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At-13 May, 2011 | 17:00
Updated At-17 Sep, 2024 | 04:24
Rejected At-
Credits

Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jpcert
Assigner Org ID:ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At:13 May, 2011 | 17:00
Updated At:17 Sep, 2024 | 04:24
Rejected At:
▼CVE Numbering Authority (CNA)

Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000029
third-party-advisory
x_refsource_JVNDB
http://secunia.com/advisories/44487
third-party-advisory
x_refsource_SECUNIA
http://jvn.jp/en/jp/JVN37878530/index.html
third-party-advisory
x_refsource_JVN
http://www.osvdb.org/72239
vdb-entry
x_refsource_OSVDB
http://www.ec-cube.net/press/detail.php?press_id=114
x_refsource_MISC
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2011-000029
Resource:
third-party-advisory
x_refsource_JVNDB
Hyperlink: http://secunia.com/advisories/44487
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://jvn.jp/en/jp/JVN37878530/index.html
Resource:
third-party-advisory
x_refsource_JVN
Hyperlink: http://www.osvdb.org/72239
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.ec-cube.net/press/detail.php?press_id=114
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000029
third-party-advisory
x_refsource_JVNDB
x_transferred
http://secunia.com/advisories/44487
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://jvn.jp/en/jp/JVN37878530/index.html
third-party-advisory
x_refsource_JVN
x_transferred
http://www.osvdb.org/72239
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.ec-cube.net/press/detail.php?press_id=114
x_refsource_MISC
x_transferred
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2011-000029
Resource:
third-party-advisory
x_refsource_JVNDB
x_transferred
Hyperlink: http://secunia.com/advisories/44487
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://jvn.jp/en/jp/JVN37878530/index.html
Resource:
third-party-advisory
x_refsource_JVN
x_transferred
Hyperlink: http://www.osvdb.org/72239
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.ec-cube.net/press/detail.php?press_id=114
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vultures@jpcert.or.jp
Published At:13 May, 2011 | 17:05
Updated At:29 Apr, 2026 | 01:13

Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.8MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:P
Type: Primary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:P
CPE Matches

lockon
lockon
>>ec-cube>>Versions up to 2.11.0(inclusive)
cpe:2.3:a:lockon:ec-cube:*:beta2:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>1.1.0
cpe:2.3:a:lockon:ec-cube:1.1.0:beta:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>1.1.1
cpe:2.3:a:lockon:ec-cube:1.1.1:*:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>1.2.0
cpe:2.3:a:lockon:ec-cube:1.2.0:beta:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>1.3.0
cpe:2.3:a:lockon:ec-cube:1.3.0:*:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>1.3.0
cpe:2.3:a:lockon:ec-cube:1.3.0:beta:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>1.3.1
cpe:2.3:a:lockon:ec-cube:1.3.1:*:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>1.3.1
cpe:2.3:a:lockon:ec-cube:1.3.1:a:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>1.3.2
cpe:2.3:a:lockon:ec-cube:1.3.2:*:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>1.3.3
cpe:2.3:a:lockon:ec-cube:1.3.3:*:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>1.3.4
cpe:2.3:a:lockon:ec-cube:1.3.4:*:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>1.3.4
cpe:2.3:a:lockon:ec-cube:1.3.4:community:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>1.4.0
cpe:2.3:a:lockon:ec-cube:1.4.0:a-beta:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>1.4.0
cpe:2.3:a:lockon:ec-cube:1.4.0:beta:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>1.4.1
cpe:2.3:a:lockon:ec-cube:1.4.1:beta:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>1.4.2
cpe:2.3:a:lockon:ec-cube:1.4.2:beta:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>1.4.3
cpe:2.3:a:lockon:ec-cube:1.4.3:a-beta:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>1.4.3
cpe:2.3:a:lockon:ec-cube:1.4.3:b-beta:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>1.4.3
cpe:2.3:a:lockon:ec-cube:1.4.3:beta:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>1.4.4
cpe:2.3:a:lockon:ec-cube:1.4.4:beta:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>1.4.5
cpe:2.3:a:lockon:ec-cube:1.4.5:*:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>1.4.6
cpe:2.3:a:lockon:ec-cube:1.4.6:*:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>1.4.7
cpe:2.3:a:lockon:ec-cube:1.4.7:*:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>1.5.0
cpe:2.3:a:lockon:ec-cube:1.5.0:beta:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>2.0.0
cpe:2.3:a:lockon:ec-cube:2.0.0:beta:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>2.0.1
cpe:2.3:a:lockon:ec-cube:2.0.1:*:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>2.0.1
cpe:2.3:a:lockon:ec-cube:2.0.1:a:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>2.1.0
cpe:2.3:a:lockon:ec-cube:2.1.0:beta:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>2.1.2
cpe:2.3:a:lockon:ec-cube:2.1.2:*:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>2.1.2
cpe:2.3:a:lockon:ec-cube:2.1.2:a:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>2.2.0
cpe:2.3:a:lockon:ec-cube:2.2.0:beta:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>2.2.1
cpe:2.3:a:lockon:ec-cube:2.2.1:one:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>2.3.0
cpe:2.3:a:lockon:ec-cube:2.3.0:*:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>2.3.0
cpe:2.3:a:lockon:ec-cube:2.3.0:rc1:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>2.3.1
cpe:2.3:a:lockon:ec-cube:2.3.1:*:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>2.3.3
cpe:2.3:a:lockon:ec-cube:2.3.3:*:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>2.3.4
cpe:2.3:a:lockon:ec-cube:2.3.4:*:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>2.4.0
cpe:2.3:a:lockon:ec-cube:2.4.0:*:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>2.4.0
cpe:2.3:a:lockon:ec-cube:2.4.0:rc1:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>2.4.1
cpe:2.3:a:lockon:ec-cube:2.4.1:*:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>2.4.2
cpe:2.3:a:lockon:ec-cube:2.4.2:*:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>2.4.3
cpe:2.3:a:lockon:ec-cube:2.4.3:*:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>2.4.4
cpe:2.3:a:lockon:ec-cube:2.4.4:*:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>2.5.0
cpe:2.3:a:lockon:ec-cube:2.5.0:alpha:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>2.5.0
cpe:2.3:a:lockon:ec-cube:2.5.0:alpha2:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>2.11.0
cpe:2.3:a:lockon:ec-cube:2.11.0:*:*:*:*:*:*:*
lockon
lockon
>>ec-cube>>2.11.0
cpe:2.3:a:lockon:ec-cube:2.11.0:beta:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://jvn.jp/en/jp/JVN37878530/index.htmlvultures@jpcert.or.jp
N/A
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000029vultures@jpcert.or.jp
N/A
http://secunia.com/advisories/44487vultures@jpcert.or.jp
Vendor Advisory
http://www.ec-cube.net/press/detail.php?press_id=114vultures@jpcert.or.jp
N/A
http://www.osvdb.org/72239vultures@jpcert.or.jp
N/A
http://jvn.jp/en/jp/JVN37878530/index.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000029af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/44487af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.ec-cube.net/press/detail.php?press_id=114af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/72239af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://jvn.jp/en/jp/JVN37878530/index.html
Source: vultures@jpcert.or.jp
Resource: N/A
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2011-000029
Source: vultures@jpcert.or.jp
Resource: N/A
Hyperlink: http://secunia.com/advisories/44487
Source: vultures@jpcert.or.jp
Resource:
Vendor Advisory
Hyperlink: http://www.ec-cube.net/press/detail.php?press_id=114
Source: vultures@jpcert.or.jp
Resource: N/A
Hyperlink: http://www.osvdb.org/72239
Source: vultures@jpcert.or.jp
Resource: N/A
Hyperlink: http://jvn.jp/en/jp/JVN37878530/index.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2011-000029
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/44487
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.ec-cube.net/press/detail.php?press_id=114
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/72239
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

114Records found

CVE-2016-1201
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.64% / 46.01%
||
7 Day CHG~0.00%
Published-30 Apr, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators.

Action-Not Available
Vendor-lockonn/a
Product-ec-cuben/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-5665
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-5.1||MEDIUM
EPSS-0.65% / 46.44%
||
7 Day CHG~0.00%
Published-27 Oct, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function.

Action-Not Available
Vendor-lockonn/a
Product-ec-cuben/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-5993
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-6.8||MEDIUM
EPSS-1.08% / 60.98%
||
7 Day CHG~0.00%
Published-21 Nov, 2013 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals.

Action-Not Available
Vendor-lockonn/a
Product-ec-cuben/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-1175
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.77% / 50.97%
||
7 Day CHG~0.00%
Published-05 Apr, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through 1.03.01.04 allows remote attackers to hijack the authentication of arbitrary users.

Action-Not Available
Vendor-sharpn/a
Product-aquos_hn-pp150aquos_hn-pp150_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-10883
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.60% / 44.59%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 15:30
Updated-06 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF for deleting users.

Action-Not Available
Vendor-mijnpressn/a
Product-simple_add_pages_or_postsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9332
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.61% / 44.83%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 14:51
Updated-06 Aug, 2024 | 08:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI.

Action-Not Available
Vendor-wordpress_uninstall_projectn/a
Product-wordpress_uninstalln/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-9418
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.56% / 42.29%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 23:48
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes.

Action-Not Available
Vendor-kibokolabsn/a
Product-watupron/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-20178
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.43% / 34.88%
||
7 Day CHG~0.00%
Published-09 Jan, 2020 | 21:33
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Advisto PEEL Shopping 9.2.1 has CSRF via administrer/utilisateurs.php to delete a user.

Action-Not Available
Vendor-peeln/a
Product-peel_shoppingn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-19663
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.43% / 34.91%
||
7 Day CHG~0.00%
Published-10 Feb, 2020 | 15:54
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. This allows an attacker to Create/Delete Folders after exploiting it at RAPR/FolderSetsSet.html.

Action-Not Available
Vendor-maxumn/a
Product-rumpusn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-19667
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.37% / 29.34%
||
7 Day CHG~0.00%
Published-10 Feb, 2020 | 17:45
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CSRF vulnerability exists in the Block Clients component of Web File Manager in Rumpus FTP 8.2.9.1 that could allow an attacker to whitelist or block any IP address via RAPR/BlockedClients.html.

Action-Not Available
Vendor-maxumn/a
Product-rumpus_ftpn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-19664
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.37% / 29.18%
||
7 Day CHG~0.00%
Published-10 Feb, 2020 | 16:44
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CSRF vulnerability exists in the Web Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server Web settings at RAPR/WebSettingsGeneralSet.html.

Action-Not Available
Vendor-maxumn/a
Product-rumpus_ftpn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-19669
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.43% / 34.91%
||
7 Day CHG~0.00%
Published-10 Feb, 2020 | 17:59
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html.

Action-Not Available
Vendor-maxumn/a
Product-rumpus_ftpn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-18651
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.71% / 48.93%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 20:39
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias Access Control through 6.6.9586.0 allows remote attackers to execute malicious and unauthorized actions (e.g., delete application users) by sending a crafted HTML document or encoded URL to a user that the website trusts. The user needs to have an active privileged session.

Action-Not Available
Vendor-3xlogicn/a
Product-infinias_access_controlinfinias_access_control_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4353
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.65% / 46.57%
||
7 Day CHG~0.00%
Published-15 Jun, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Custom Sitemap module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete sitemaps via unspecified vectors.

Action-Not Available
Vendor-osscuben/a
Product-custom_sitemapn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4349
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.65% / 46.57%
||
7 Day CHG~0.00%
Published-15 Jun, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Spider Contacts module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete contact categories via unspecified vectors.

Action-Not Available
Vendor-spider_contacts_projectn/a
Product-spider_contactsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-9052
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.56% / 42.23%
||
7 Day CHG~0.00%
Published-23 Feb, 2019 | 19:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete pictures via a /admin.php?action=deleteimage&var1= URI.

Action-Not Available
Vendor-pluck-cmsn/a
Product-pluckn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-3374
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.65% / 46.57%
||
7 Day CHG~0.00%
Published-21 Apr, 2015 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the Corner module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable corners via unspecified vectors.

Action-Not Available
Vendor-corner_projectn/a
Product-cornern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-3354
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.66% / 46.88%
||
7 Day CHG~0.00%
Published-21 Apr, 2015 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete wishlist purchase intentions via unspecified vectors.

Action-Not Available
Vendor-wishlist_projectn/a
Product-wishlistn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-3366
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.66% / 46.87%
||
7 Day CHG~0.00%
Published-21 Apr, 2015 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Alfresco module before 6.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete an alfresco node via unspecified vectors.

Action-Not Available
Vendor-alfrescon/a
Product-alfrescon/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-16721
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.53% / 41.14%
||
7 Day CHG~0.00%
Published-23 Sep, 2019 | 13:35
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user.

Action-Not Available
Vendor-5nonen/a
Product-nonecmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-3382
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.65% / 46.57%
||
7 Day CHG~0.00%
Published-21 Apr, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the Node basket module for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add or (2) remove nodes from a basket via unspecified vectors.

Action-Not Available
Vendor-insiten/a
Product-node_basketn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-3624
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-2.30% / 81.20%
||
7 Day CHG~0.00%
Published-09 Jun, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote attackers to hijack the authentication of content administrators for requests that delete content via a delete action.

Action-Not Available
Vendor-ektronn/a
Product-ektron_content_management_systemn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-3380
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.65% / 46.57%
||
7 Day CHG~0.00%
Published-21 Apr, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the Feature Set module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable a module via unspecified vectors.

Action-Not Available
Vendor-funnymonkeyn/a
Product-feature_setn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-16677
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 37.42%
||
7 Day CHG~0.00%
Published-21 Sep, 2019 | 19:51
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF.

Action-Not Available
Vendor-idreamsoftn/a
Product-icmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-3388
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.65% / 46.57%
||
7 Day CHG~0.00%
Published-21 Apr, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Commerce Balanced Payments module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete the user's configured bank accounts via unspecified vectors.

Action-Not Available
Vendor-balancedn/a
Product-commerce_balanced_paymentsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-0229
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.1||HIGH
EPSS-0.54% / 41.35%
||
7 Day CHG~0.00%
Published-21 Mar, 2022 | 18:55
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
miniOrange's Google Authenticator < 5.5 - Unauthenticated Arbitrary Options Deletion

The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable.

Action-Not Available
Vendor-miniorangeUnknown
Product-google_authenticatorminiOrange's Google Authenticator
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-2249
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-1.34% / 67.94%
||
7 Day CHG~0.00%
Published-16 Mar, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aSiemens AG
Product-simatic_s7-1500_cpu_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-2675
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.78% / 51.47%
||
7 Day CHG~0.00%
Published-19 Mar, 2018 | 21:00
Updated-06 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php in the WP HTML Sitemap plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete the sitemap via a request to the wp-html-sitemap page in wp-admin/options-general.php.

Action-Not Available
Vendor-wp-html-sitemap_projectn/a
Product-wp-html-sitemapn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-20071
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.72% / 49.35%
||
7 Day CHG~0.00%
Published-29 Dec, 2019 | 23:29
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs.

Action-Not Available
Vendor-n/aNetis Systems Co., Ltd.
Product-dl4343dl4343_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-41245
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.69% / 48.40%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 15:05
Updated-22 Apr, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Possible Cross-Site Request Forgery in Combodo iTop

Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, CSRF tokens generated by `privUITransactionFile` aren't properly checked. Versions 2.7.6 and 3.0.0 contain a patch for this issue. As a workaround, use the session implementation by adding in the iTop config file.

Action-Not Available
Vendor-combodoCombodo
Product-itopiTop
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-39198
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.30% / 22.01%
||
7 Day CHG~0.00%
Published-19 Nov, 2021 | 21:30
Updated-04 Aug, 2024 | 01:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The disqualify lead action may be executed without CSRF token check

OroCRM is an open source Client Relationship Management (CRM) application. Affected versions we found to suffer from a vulnerability which could an attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability and all users are advised to update their package.

Action-Not Available
Vendor-oroincoroinc
Product-client_relationship_managementcrm
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-32774
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.48% / 37.65%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 00:35
Updated-03 Aug, 2024 | 23:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in DataDump

DataDump is a MediaWiki extension that provides dumps of wikis. Prior to commit 67a82b76e186925330b89ace9c5fd893a300830b, DataDump had no protection against CSRF attacks so requests to generate or delete dumps could be forged. The vulnerability was patched in commit 67a82b76e186925330b89ace9c5fd893a300830b. There are no known workarounds. You must completely disable DataDump.

Action-Not Available
Vendor-mirahezemiraheze
Product-datadumpDataDump
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-7738
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.61% / 44.75%
||
7 Day CHG~0.00%
Published-11 Feb, 2019 | 21:00
Updated-04 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI.

Action-Not Available
Vendor-c.p.sub_projectn/a
Product-c.p.subn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-24641
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.1||HIGH
EPSS-0.52% / 40.29%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 19:16
Updated-03 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Images to WebP < 1.9 - Multiple Cross Site Request Forgery (CSRF)

The Images to WebP WordPress plugin before 1.9 does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion

Action-Not Available
Vendor-imagestowebp_projectUnknown
Product-images_to_webpImages to WebP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-24166
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-5.4||MEDIUM
EPSS-0.46% / 36.52%
||
7 Day CHG~0.00%
Published-05 Apr, 2021 | 18:27
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ninja Forms < 3.4.34 - CSRF to OAuth Service Disconnection

The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection.

Action-Not Available
Vendor-UnknownSaturday Drive, INC
Product-ninja_formsNinja Forms Contact Form – The Drag and Drop Form Builder for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4352
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.65% / 46.57%
||
7 Day CHG~0.00%
Published-15 Jun, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Spider Video Player module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete videos via unspecified vectors.

Action-Not Available
Vendor-web-doradon/a
Product-web-dorado_spider_video_playern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-3375
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.66% / 46.87%
||
7 Day CHG~0.00%
Published-21 Apr, 2015 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the Shibboleth Authentication module before 6.x-4.1 and 7.x-4.x before 7.x-4.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete user role matching rules via unspecified vectors.

Action-Not Available
Vendor-niifn/a
Product-shibboleth_authenticationn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-24500
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.1||HIGH
EPSS-0.65% / 46.43%
||
7 Day CHG~0.00%
Published-09 Aug, 2021 | 10:04
Updated-03 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Workreap theme < 2.2.2 - Multiple CSRF + IDOR Vulnerabilities

Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially modifying or deleting arbitrary objects on the target site.

Action-Not Available
Vendor-amentotechUnknown
Product-workreapWorkreap
CWE ID-CWE-283
Unverified Ownership
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-22953
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-5.4||MEDIUM
EPSS-0.35% / 26.55%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 12:42
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security Research Team"

Action-Not Available
Vendor-concretecmsn/a
Product-concrete_cmshttps://github.com/concrete5/concrete5
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-21644
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-1.05% / 60.18%
||
7 Day CHG~0.00%
Published-21 Apr, 2021 | 14:20
Updated-03 Aug, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID.

Action-Not Available
Vendor-Jenkins
Product-config_file_providerJenkins Config File Provider Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-21731
Matching Score-4
Assigner-ZTE Corporation
ShareView Details
Matching Score-4
Assigner-ZTE Corporation
CVSS Score-8.1||HIGH
EPSS-0.39% / 30.80%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 15:05
Updated-28 Jan, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CSRF vulnerability exists in the management page of a ZTE product.The vulnerability is caused because the management page does not fully verify whether the request comes from a trusted user. The attacker could submit a malicious request to the affected device to delete the data. This affects: ZXCLOUD iRAI All versions up to KVM-ProductV6.03.04

Action-Not Available
Vendor-n/aZTE Corporation
Product-zxcloud_iraiZXCLOUD iRAI
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-20390
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.68% / 47.69%
||
7 Day CHG~0.00%
Published-15 May, 2020 | 17:07
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim.

Action-Not Available
Vendor-intelliantsn/a
Product-subrionn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-20096
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-8.1||HIGH
EPSS-0.61% / 44.73%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 11:31
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery in OpenOversight 0.6.4 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.

Action-Not Available
Vendor-lucyparsonslabsn/a
Product-openoversightOpenOversight
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-1324
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5.8||MEDIUM
EPSS-0.47% / 37.61%
||
7 Day CHG~0.00%
Published-09 May, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password.

Action-Not Available
Vendor-n/aBUFFALO INC.
Product-wzr-ampg300nhwhr-hp-g54_firmwarewhr-hp-g54bbr-4hg_firmwareas-100wzr-ampg144nh_firmwarewhr-hp-ampg_firmwarewzr-g144nh_firmwarewhr-hp-gwhr-gwhr-g54swhr-g_firmwarewer-a54g54_firmwarebbr-4mgwer-amg54_firmwarebhr-4rv_firmwarewzr-g144nbbr-4mg_firmwarewzr-g144n_firmwarewzr2-g300n_firmwarefs-g54_firmwarewer-amg54fs-g54wer-am54g54whr-amg54_firmwarewhr-ampg_firmwarewhr-ampgwhr-am54g54_firmwarewhr-hp-g_firmwarewer-a54g54whr-am54g54whr-amg54bhr-4rvwzr-ampg300nh_firmwarewzr-ampg144nhwer-ag54_firmwarewhr-g54s_firmwarewzr2-g300nwzr-g144nhwer-ag54whr-hp-ampgbbr-4hgwer-am54g54_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-0440
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-1.03% / 59.65%
||
7 Day CHG~0.00%
Published-28 Mar, 2011 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that delete blogs.

Action-Not Available
Vendor-n/aMahara
Product-maharan/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-29435
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.37% / 28.74%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 19:54
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress allows an attacker to delete or to turn on/off snippets.

Action-Not Available
Vendor-code_snippets_extended_projectAlexander Stokmann
Product-code_snippets_extendedCode Snippets Extended (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-29412
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.39% / 31.29%
||
7 Day CHG~0.00%
Published-28 Apr, 2022 | 16:18
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source.

Action-Not Available
Vendor-hermit_projectMufeng
Product-hermitHermit 音乐播放器 (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-25263
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.59% / 43.98%
||
7 Day CHG~0.00%
Published-08 Oct, 2020 | 12:33
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted.

Action-Not Available
Vendor-pyrocmsn/a
Product-pyrocmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-2321
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.1||HIGH
EPSS-0.75% / 50.33%
||
7 Day CHG~0.00%
Published-03 Dec, 2020 | 15:55
Updated-04 Aug, 2024 | 07:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project.

Action-Not Available
Vendor-Jenkins
Product-shelve_projectJenkins Shelve Project Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-23830
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.53% / 41.13%
||
7 Day CHG~0.00%
Published-02 Sep, 2020 | 16:06
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victim's username when they visit a third-party site.

Action-Not Available
Vendor-stock_management_system_projectn/a
Product-stock_management_systemn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found