CWE-352

CVE-2018-19544

February 26, 2023 by

JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news.

February 26, 2023 by

JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user.

February 26, 2023 by

JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter.

February 26, 2023 by

tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password.

February 26, 2023 by

BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account.

February 26, 2023 by

sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account.