• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-352

CVE-2019-11557

February 26, 2023 by

The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST[‘action’] value and the $_GET[‘action’] value, and the latter is unsanitized.

CVE-2019-11456

February 26, 2023 by

Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code.

CVE-2019-11457

February 26, 2023 by

Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/.

CVE-2019-11416

February 26, 2023 by

A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user.

CVE-2019-11374

February 26, 2023 by

74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.

CVE-2019-11375

February 26, 2023 by

Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 231
  • Go to page 232
  • Go to page 233
  • Go to page 234
  • Go to page 235
  • Interim pages omitted …
  • Go to page 424
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE