• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-352

CVE-2019-9958

February 26, 2023 by

CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin’s session to process their requests.

CVE-2019-9882

February 26, 2023 by

Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via user/save_list.php?ACSION=&type=email&category=white&locate=big5&cmd=add&new=hacker@socialengineering.com&new_memo=&add=%E6%96%B0%E5%A2%9E without any authorizes.

CVE-2019-9883

February 26, 2023 by

Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_account=test&cf_email=&cf_acl=Management&apply_lang=&dn= without any authorizes.

CVE-2019-9769

February 26, 2023 by

PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.

CVE-2019-9787

February 26, 2023 by

WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php.

CVE-2019-9688

February 26, 2023 by

sftnow through 2018-12-29 allows index.php?g=Admin&m=User&a=add_post CSRF to add an admin account.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 174
  • Go to page 175
  • Go to page 176
  • Go to page 177
  • Go to page 178
  • Interim pages omitted …
  • Go to page 424
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE