CWE-352

A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords.

A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php.

Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user.

Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user’s intention.

The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF.

The PgHero gem through 2.6.0 for Ruby allows CSRF.