CWE-352

DESHANG DSCMS 1.1 has CSRF via the public/index.php/admin/admin/add.html URI.

In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add an user account.

Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module.

Cross-site request forgery (CSRF) vulnerability in /admin.php?c=member&m=edit&uid=1 in dayrui FineCms 5.4 allows remote attackers to change the administrator’s password.

qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=addmember to add a user account.

rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user.