• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-352

CVE-2018-17826

February 26, 2023 by

HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account. The attacker can then use that account to execute arbitrary PHP code by leveraging app/common/model/AdminAnnex.php to add .php to the default list of allowable file-upload types (.jpg, .png, .gif, .jpeg, and .ico).

CVE-2018-17584

February 26, 2023 by

The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page.

CVE-2018-17429

February 26, 2023 by

/console/account/manage.php?type=action&action=add in JTBC v3.0(C) has CSRF for adding an administrator account.

CVE-2018-17366

February 26, 2023 by

An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.

CVE-2018-17387

February 26, 2023 by

CSRF exists in Nimble Messaging Bulk SMS Marketing Application 1.0 for adding an admin account.

CVE-2018-17389

February 26, 2023 by

CSRF exists in server.php in Live Call Support Application 1.5 for adding an admin account.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 57
  • Go to page 58
  • Go to page 59
  • Go to page 60
  • Go to page 61
  • Interim pages omitted …
  • Go to page 424
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE