CWE-352

A CSRF issue was discovered in Jirafeau before 3.4.1. The “delete file” feature on the admin panel is not protected against automated requests and could be abused.

Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request.

/upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user’s password.

WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account.

DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account.

ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/pl_web.cgi/util_configlogin_act URI.