
CVE-2011-1325

Summary
Assigner: jpcert
Assigner Org ID: ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At: 13 May, 2011 | 17:00
Updated At: 17 Sep, 2024 | 04:24

Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)


Affected Products
Vendor: n/a
Product: n/a
Versions Affected: n/a
Problem Types
Type: text
CWE ID: N/A
Description: n/a
References
  • http://jvndb.jvn.jp/jvndb/JVNDB-2011-000029 (third-party-advisory, x_refsource_JVNDB)
  • http://secunia.com/advisories/44487 (third-party-advisory, x_refsource_SECUNIA)
  • http://jvn.jp/en/jp/JVN37878530/index.html (third-party-advisory, x_refsource_JVN)
  • http://www.osvdb.org/72239 (vdb-entry, x_refsource_OSVDB)
  • http://www.ec-cube.net/press/detail.php?press_id=114 (x_refsource_MISC)
▼Authorized Data Publishers (ADP)
CVE Program Container
References
  • http://jvndb.jvn.jp/jvndb/JVNDB-2011-000029 (third-party-advisory, x_refsource_JVNDB, x_transferred)
  • http://secunia.com/advisories/44487 (third-party-advisory, x_refsource_SECUNIA, x_transferred)
  • http://jvn.jp/en/jp/JVN37878530/index.html (third-party-advisory, x_refsource_JVN, x_transferred)
  • http://www.osvdb.org/72239 (vdb-entry, x_refsource_OSVDB, x_transferred)
  • http://www.ec-cube.net/press/detail.php?press_id=114 (x_refsource_MISC, x_transferred)
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source: vultures@jpcert.or.jp
Published At: 13 May, 2011 | 17:05
Updated At: 29 Apr, 2026 | 01:13


CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
CPE Matches
Vendor: lockon
  • ec-cube, versions up to 2.11.0 (inclusive): cpe:2.3:a:lockon:ec-cube:*:beta2:*:*:*:*:*:*
  • ec-cube 1.1.0: cpe:2.3:a:lockon:ec-cube:1.1.0:beta:*:*:*:*:*:*
  • ec-cube 1.1.1: cpe:2.3:a:lockon:ec-cube:1.1.1:*:*:*:*:*:*:*
  • ec-cube 1.2.0: cpe:2.3:a:lockon:ec-cube:1.2.0:beta:*:*:*:*:*:*
  • ec-cube 1.3.0: cpe:2.3:a:lockon:ec-cube:1.3.0:*:*:*:*:*:*:*
  • ec-cube 1.3.0: cpe:2.3:a:lockon:ec-cube:1.3.0:beta:*:*:*:*:*:*
  • ec-cube 1.3.1: cpe:2.3:a:lockon:ec-cube:1.3.1:*:*:*:*:*:*:*
  • ec-cube 1.3.1: cpe:2.3:a:lockon:ec-cube:1.3.1:a:*:*:*:*:*:*
  • ec-cube 1.3.2: cpe:2.3:a:lockon:ec-cube:1.3.2:*:*:*:*:*:*:*
  • ec-cube 1.3.3: cpe:2.3:a:lockon:ec-cube:1.3.3:*:*:*:*:*:*:*
  • ec-cube 1.3.4: cpe:2.3:a:lockon:ec-cube:1.3.4:*:*:*:*:*:*:*
  • ec-cube 1.3.4: cpe:2.3:a:lockon:ec-cube:1.3.4:community:*:*:*:*:*:*
  • ec-cube 1.4.0: cpe:2.3:a:lockon:ec-cube:1.4.0:a-beta:*:*:*:*:*:*
  • ec-cube 1.4.0: cpe:2.3:a:lockon:ec-cube:1.4.0:beta:*:*:*:*:*:*
  • ec-cube 1.4.1: cpe:2.3:a:lockon:ec-cube:1.4.1:beta:*:*:*:*:*:*
  • ec-cube 1.4.2: cpe:2.3:a:lockon:ec-cube:1.4.2:beta:*:*:*:*:*:*
  • ec-cube 1.4.3: cpe:2.3:a:lockon:ec-cube:1.4.3:a-beta:*:*:*:*:*:*
  • ec-cube 1.4.3: cpe:2.3:a:lockon:ec-cube:1.4.3:b-beta:*:*:*:*:*:*
  • ec-cube 1.4.3: cpe:2.3:a:lockon:ec-cube:1.4.3:beta:*:*:*:*:*:*
  • ec-cube 1.4.4: cpe:2.3:a:lockon:ec-cube:1.4.4:beta:*:*:*:*:*:*
  • ec-cube 1.4.5: cpe:2.3:a:lockon:ec-cube:1.4.5:*:*:*:*:*:*:*
  • ec-cube 1.4.6: cpe:2.3:a:lockon:ec-cube:1.4.6:*:*:*:*:*:*:*
  • ec-cube 1.4.7: cpe:2.3:a:lockon:ec-cube:1.4.7:*:*:*:*:*:*:*
  • ec-cube 1.5.0: cpe:2.3:a:lockon:ec-cube:1.5.0:beta:*:*:*:*:*:*
  • ec-cube 2.0.0: cpe:2.3:a:lockon:ec-cube:2.0.0:beta:*:*:*:*:*:*
  • ec-cube 2.0.1: cpe:2.3:a:lockon:ec-cube:2.0.1:*:*:*:*:*:*:*
  • ec-cube 2.0.1: cpe:2.3:a:lockon:ec-cube:2.0.1:a:*:*:*:*:*:*
  • ec-cube 2.1.0: cpe:2.3:a:lockon:ec-cube:2.1.0:beta:*:*:*:*:*:*
  • ec-cube 2.1.2: cpe:2.3:a:lockon:ec-cube:2.1.2:*:*:*:*:*:*:*
  • ec-cube 2.1.2: cpe:2.3:a:lockon:ec-cube:2.1.2:a:*:*:*:*:*:*
  • ec-cube 2.2.0: cpe:2.3:a:lockon:ec-cube:2.2.0:beta:*:*:*:*:*:*
  • ec-cube 2.2.1: cpe:2.3:a:lockon:ec-cube:2.2.1:one:*:*:*:*:*:*
  • ec-cube 2.3.0: cpe:2.3:a:lockon:ec-cube:2.3.0:*:*:*:*:*:*:*
  • ec-cube 2.3.0: cpe:2.3:a:lockon:ec-cube:2.3.0:rc1:*:*:*:*:*:*
  • ec-cube 2.3.1: cpe:2.3:a:lockon:ec-cube:2.3.1:*:*:*:*:*:*:*
  • ec-cube 2.3.3: cpe:2.3:a:lockon:ec-cube:2.3.3:*:*:*:*:*:*:*
  • ec-cube 2.3.4: cpe:2.3:a:lockon:ec-cube:2.3.4:*:*:*:*:*:*:*
  • ec-cube 2.4.0: cpe:2.3:a:lockon:ec-cube:2.4.0:*:*:*:*:*:*:*
  • ec-cube 2.4.0: cpe:2.3:a:lockon:ec-cube:2.4.0:rc1:*:*:*:*:*:*
  • ec-cube 2.4.1: cpe:2.3:a:lockon:ec-cube:2.4.1:*:*:*:*:*:*:*
  • ec-cube 2.4.2: cpe:2.3:a:lockon:ec-cube:2.4.2:*:*:*:*:*:*:*
  • ec-cube 2.4.3: cpe:2.3:a:lockon:ec-cube:2.4.3:*:*:*:*:*:*:*
  • ec-cube 2.4.4: cpe:2.3:a:lockon:ec-cube:2.4.4:*:*:*:*:*:*:*
  • ec-cube 2.5.0: cpe:2.3:a:lockon:ec-cube:2.5.0:alpha:*:*:*:*:*:*
  • ec-cube 2.5.0: cpe:2.3:a:lockon:ec-cube:2.5.0:alpha2:*:*:*:*:*:*
  • ec-cube 2.11.0: cpe:2.3:a:lockon:ec-cube:2.11.0:*:*:*:*:*:*:*
  • ec-cube 2.11.0: cpe:2.3:a:lockon:ec-cube:2.11.0:beta:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
References
  • http://jvn.jp/en/jp/JVN37878530/index.html (Source: vultures@jpcert.or.jp; Resource: N/A)
  • http://jvndb.jvn.jp/jvndb/JVNDB-2011-000029 (Source: vultures@jpcert.or.jp; Resource: N/A)
  • http://secunia.com/advisories/44487 (Source: vultures@jpcert.or.jp; Resource: Vendor Advisory)
  • http://www.ec-cube.net/press/detail.php?press_id=114 (Source: vultures@jpcert.or.jp; Resource: N/A)
  • http://www.osvdb.org/72239 (Source: vultures@jpcert.or.jp; Resource: N/A)
  • http://jvn.jp/en/jp/JVN37878530/index.html (Source: af854a3a-2127-422b-91ae-364da2661108; Resource: N/A)
  • http://jvndb.jvn.jp/jvndb/JVNDB-2011-000029 (Source: af854a3a-2127-422b-91ae-364da2661108; Resource: N/A)
  • http://secunia.com/advisories/44487 (Source: af854a3a-2127-422b-91ae-364da2661108; Resource: Vendor Advisory)
  • http://www.ec-cube.net/press/detail.php?press_id=114 (Source: af854a3a-2127-422b-91ae-364da2661108; Resource: N/A)
  • http://www.osvdb.org/72239 (Source: af854a3a-2127-422b-91ae-364da2661108; Resource: N/A)


Similar CVEs

114 Records found

CVE-2021-24636
Matching Score: 4
Assigner: WPScan
CVSS Score: 8.1 (HIGH)
EPSS: 0.52% / 40.29%
7 Day CHG: ~0.00%
Published: 20 Sep, 2021 | 10:06
Updated: 03 Aug, 2024 | 19:35
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Print My Blog < 3.4.2 - Plugin Deactivation via CSRF

The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce (CSRF) checks, which allows attackers to make logged in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them to open a malicious link

Action: Not Available
Vendor: print_my_blog_project, Unknown
Product: print_my_blog, Print My Blog – Print, PDF, & eBook Converter WordPress Plugin
CWE ID: CWE-352, Cross-Site Request Forgery (CSRF)
CVE-2021-24230
Matching Score: 4
Assigner: WPScan
CVSS Score: 8.1 (HIGH)
EPSS: 0.60% / 44.25%
7 Day CHG: ~0.00%
Published: 12 Apr, 2021 | 14:06
Updated: 03 Aug, 2024 | 19:21
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Patreon WordPress < 1.7.0 - CSRF to Overwrite/Create User Meta

The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged in user overwrite or create arbitrary user metadata on the victim’s account once visited. If exploited, this bug can be used to overwrite the “wp_capabilities” meta, which contains the affected user account’s roles and privileges. Doing this would essentially lock them out of the site, blocking them from accessing paid content.

Action: Not Available
Vendor: patreon, Unknown
Product: patreon_wordpress, Patreon WordPress
CWE ID: CWE-352, Cross-Site Request Forgery (CSRF)
CVE-2021-22949
Matching Score: 4
Assigner: HackerOne
CVSS Score: 5.4 (MEDIUM)
EPSS: 0.35% / 26.55%
7 Day CHG: ~0.00%
Published: 23 Sep, 2021 | 12:40
Updated: 03 Aug, 2024 | 18:58
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space. Credit for discovery: "Solar Security CMS Research Team"

Action: Not Available
Vendor: concretecms, n/a
Product: concrete_cms, https://github.com/concrete5/concrete5
CWE ID: CWE-352, Cross-Site Request Forgery (CSRF)
CVE-2018-10248
Matching Score: 4
Assigner: MITRE Corporation
CVSS Score: 6.5 (MEDIUM)
EPSS: 0.56% / 42.38%
7 Day CHG: ~0.00%
Published: 20 Apr, 2018 | 17:00
Updated: 05 May, 2025 | 18:10
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can delete any article via index.php?m=content&f=content&v=recycle_delete.

Action: Not Available
Vendor: wuzhicms, n/a
Product: wuzhicms, n/a
CWE ID: CWE-352, Cross-Site Request Forgery (CSRF)
CVE-2009-0483
Matching Score: 4
Assigner: MITRE Corporation
CVSS Score: 5.8 (MEDIUM)
EPSS: 0.60% / 44.32%
7 Day CHG: ~0.00%
Published: 09 Feb, 2009 | 17:00
Updated: 23 Apr, 2026 | 00:35
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete keywords and user preferences via a link or IMG tag to (1) editkeywords.cgi or (2) userprefs.cgi.

Action: Not Available
Vendor: n/a, Mozilla Corporation
Product: bugzilla, n/a
CWE ID: CWE-352, Cross-Site Request Forgery (CSRF)
CVE-2009-0484
Matching Score: 4
Assigner: MITRE Corporation
CVSS Score: 5.8 (MEDIUM)
EPSS: 0.55% / 41.90%
7 Day CHG: ~0.00%
Published: 09 Feb, 2009 | 17:00
Updated: 23 Apr, 2026 | 00:35
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete shared or saved searches via a link or IMG tag to buglist.cgi.

Action: Not Available
Vendor: n/a, Mozilla Corporation
Product: bugzilla, n/a
CWE ID: CWE-352, Cross-Site Request Forgery (CSRF)
CVE-2009-0482
Matching Score: 4
Assigner: MITRE Corporation
CVSS Score: 5.8 (MEDIUM)
EPSS: 0.50% / 39.36%
7 Day CHG: ~0.00%
Published: 09 Feb, 2009 | 17:00
Updated: 23 Apr, 2026 | 00:35
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 before 3.2.1, 3.3 before 3.3.2, and other versions before 3.2 allows remote attackers to perform bug updating activities as other users via a link or IMG tag to process_bug.cgi.

Action: Not Available
Vendor: n/a, Mozilla Corporation
Product: bugzilla, n/a
CWE ID: CWE-352, Cross-Site Request Forgery (CSRF)
CVE-2022-33121
Matching Score: 4
Assigner: MITRE Corporation
CVSS Score: 8.1 (HIGH)
EPSS: 0.39% / 30.93%
7 Day CHG: ~0.00%
Published: 24 Jun, 2022 | 20:59
Updated: 03 Aug, 2024 | 08:01
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link.

Action: Not Available
Vendor: 1234n, n/a
Product: minicms, n/a
CWE ID: CWE-352, Cross-Site Request Forgery (CSRF)
CVE-2008-3743
Matching Score: 4
Assigner: MITRE Corporation
CVSS Score: 5.8 (MEDIUM)
EPSS: 0.84% / 53.27%
7 Day CHG: ~0.00%
Published: 27 Aug, 2008 | 15:00
Updated: 23 Apr, 2026 | 00:35
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2) forms with AHAH elements.

Action: Not Available
Vendor: n/a, The Drupal Association
Product: drupal, n/a
CWE ID: CWE-352, Cross-Site Request Forgery (CSRF)
CVE-2008-3909
Matching Score: 4
Assigner: MITRE Corporation
CVSS Score: 5.8 (MEDIUM)
EPSS: 0.93% / 56.25%
7 Day CHG: ~0.00%
Published: 04 Sep, 2008 | 17:00
Updated: 16 Apr, 2026 | 21:11
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests.

Action: Not Available
Vendor: n/a, Django
Product: django, n/a
CWE ID: CWE-352, Cross-Site Request Forgery (CSRF)
CVE-2008-3392
Matching Score: 4
Assigner: MITRE Corporation
CVSS Score: 5.8 (MEDIUM)
EPSS: 0.60% / 44.12%
7 Day CHG: ~0.00%
Published: 31 Jul, 2008 | 16:00
Updated: 23 Apr, 2026 | 00:35
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum 9.5 allows remote attackers to log out a user via a link or IMG tag to log_off_user.asp.

Action: Not Available
Vendor: webwizguide, n/a
Product: web_wiz_forum, n/a
CWE ID: CWE-352, Cross-Site Request Forgery (CSRF)
CVE-2017-6038
Matching Score: 4
Assigner: Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score: 7.1 (HIGH)
EPSS: 0.44% / 35.46%
7 Day CHG: ~0.00%
Published: 30 Jun, 2017 | 02:35
Updated: 13 May, 2026 | 00:24
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request.

Action: Not Available
Vendor: belden_hirschmann, n/a
Product: gecko_lite_managed_switch_firmware, gecko_lite_managed_switch, Belden Hirschmann GECKO
CWE ID: CWE-352, Cross-Site Request Forgery (CSRF)
CVE-2021-35491
Matching Score: 4
Assigner: MITRE Corporation
CVSS Score: 8.1 (HIGH)
EPSS: 0.85% / 53.81%
7 Day CHG: ~0.00%
Published: 05 Oct, 2021 | 15:10
Updated: 04 Aug, 2024 | 00:40
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request. This issue was resolved in Wowza Streaming Engine release 4.8.14.

Action: Not Available
Vendor: wowza, n/a
Product: streaming_engine, n/a
CWE ID: CWE-352, Cross-Site Request Forgery (CSRF)
CVE-2022-0141
Matching Score: 4
Assigner: WPScan
CVSS Score: 8.1 (HIGH)
EPSS: 0.45% / 36.22%
7 Day CHG: -0.01%
Published: 12 Apr, 2022 | 11:15
Updated: 02 Aug, 2024 | 23:18
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Visual Form Builder < 3.0.8 - Entries Deletion/Restoration via CSRF

The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks

Action: Not Available
Vendor: vfbpro, Unknown
Product: visual_form_builder, Visual Form Builder
CWE ID: CWE-352, Cross-Site Request Forgery (CSRF)