• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-352

CVE-2018-12603

February 26, 2023 by

Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114.

CVE-2018-12574

February 26, 2023 by

CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices.

CVE-2018-12582

February 26, 2023 by

An issue was discovered in AKCMS 6.1. CSRF can add an admin account via a /index.php?file=account&action=manageaccounts&job=newaccount URI.

CVE-2018-12583

February 26, 2023 by

An issue was discovered in AKCMS 6.1. CSRF can delete an article via an admincp deleteitem action to index.php.

CVE-2018-12529

February 26, 2023 by

An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF injection point vulnerabilities including changing user passwords and router settings.

CVE-2018-12540

February 26, 2023 by

In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 80
  • Go to page 81
  • Go to page 82
  • Go to page 83
  • Go to page 84
  • Interim pages omitted …
  • Go to page 424
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE