• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-352

CVE-2018-10127

February 26, 2023 by

An issue was discovered in XYHCMS 3.5. It has CSRF via an index.php?g=Manage&m=Rbac&a=addUser request, resulting in addition of an account with the administrator role.

CVE-2018-10132

February 26, 2023 by

PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter.

CVE-2018-10030

February 26, 2023 by

CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php.

CVE-2018-10031

February 26, 2023 by

CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php.

CVE-2018-10048

February 26, 2023 by

iScripts eSwap v2.4 has CSRF via “registration_settings.php” in the Admin Panel.

CVE-2018-1002103

February 26, 2023 by

In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard, create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 93
  • Go to page 94
  • Go to page 95
  • Go to page 96
  • Go to page 97
  • Interim pages omitted …
  • Go to page 424
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE