Total
8611 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-18460 | 1 711cms | 1 711cms | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability exists in 711cms v1.0.7 that can add an admin account via admin.php?c=Admin&m=content. | ||||
| CVE-2020-18458 | 1 Damicms | 1 Damicms | 2024-11-21 | 8.0 High |
| Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd. | ||||
| CVE-2020-18457 | 1 Bycms Project | 1 Bycms | 2024-11-21 | 6.8 Medium |
| Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 that can add an admin account via admin.php/ucenter/add.html. | ||||
| CVE-2020-18454 | 1 Bycms Project | 1 Bycms | 2024-11-21 | 6.8 Medium |
| Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admin.php/systems/index/module_id/70/group_id/1.html. | ||||
| CVE-2020-18326 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user. | ||||
| CVE-2020-18265 | 1 Simple-log Project | 1 Simple-log | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_add_member". | ||||
| CVE-2020-18264 | 1 Simple-log Project | 1 Simple-log | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_edit_member". | ||||
| CVE-2020-18198 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component " /admin.php?action=images." | ||||
| CVE-2020-18195 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page." | ||||
| CVE-2020-18157 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php. | ||||
| CVE-2020-18151 | 1 Thinkcmf | 1 Thinkcmf | 2024-11-21 | 6.5 Medium |
| Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account. | ||||
| CVE-2020-18129 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 8.8 High |
| A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php. | ||||
| CVE-2020-18124 | 1 Indexhibit | 1 Indexhibit | 2024-11-21 | 5.7 Medium |
| A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords. | ||||
| CVE-2020-18123 | 1 Indexhibit | 1 Indexhibit | 2024-11-21 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts. | ||||
| CVE-2020-17901 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 6.5 Medium |
| Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user. | ||||
| CVE-2020-16610 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 4.3 Medium |
| Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention. | ||||
| CVE-2020-16256 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2024-11-21 | 8.8 High |
| The API on Winston 1.5.4 devices is vulnerable to CSRF. | ||||
| CVE-2020-16253 | 1 Pghero Project | 1 Pghero | 2024-11-21 | 8.1 High |
| The PgHero gem through 2.6.0 for Ruby allows CSRF. | ||||
| CVE-2020-16252 | 1 Field Test Project | 1 Field Test | 2024-11-21 | 4.3 Medium |
| The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF. | ||||
| CVE-2020-16208 | 1 Redlion | 4 N-tron 702-w, N-tron 702-w Firmware, N-tron 702m12-w and 1 more | 2024-11-21 | 8.8 High |
| The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions). | ||||