CVE-2023-42270

Public exploit
Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF).
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-09-15
Updated
2024-02-02

CVE-2022-41622

Public exploit
In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Max CVSS
8.8
EPSS Score
42.25%
Published
2022-12-07
Updated
2022-12-08

CVE-2020-11060

Public exploit
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account having Maintenance privileges and the right to add WIFI networks. This is fixed in version 9.4.6.
Max CVSS
9.0
EPSS Score
0.22%
Published
2020-05-12
Updated
2021-11-04

CVE-2019-19833

Public exploit
In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. (Also, anonymous access can be achieved in applications that do not have a user login area).
Max CVSS
6.5
EPSS Score
96.89%
Published
2019-12-18
Updated
2023-02-01

CVE-2019-11231

Public exploit
An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of files with arbitrary content (PHP code, for example). This vulnerability is triggered by an authenticated user; however, authentication can be bypassed. According to the official documentation for installation step 10, an admin is required to upload all the files, including the .htaccess files, and run a health check. However, what is overlooked is that the Apache HTTP Server by default no longer enables the AllowOverride directive, leading to data/users/admin.xml password exposure. The passwords are hashed but this can be bypassed by starting with the data/other/authorization.xml API key. This allows one to target the session state, since they decided to roll their own implementation. The cookie_name is crafted information that can be leaked from the frontend (site name and version). If a someone leaks the API key and the admin username, then they can bypass authentication. To do so, they need to supply a cookie based on an SHA-1 computation of this known information. The vulnerability exists in the admin/theme-edit.php file. This file checks for forms submissions via POST requests, and for the csrf nonce. If the nonce sent is correct, then the file provided by the user is uploaded. There is a path traversal allowing write access outside the jailed themes directory root. Exploiting the traversal is not necessary because the .htaccess file is ignored. A contributing factor is that there isn't another check on the extension before saving the file, with the assumption that the parameter content is safe. This allows the creation of web accessible and executable files with arbitrary content.
Max CVSS
9.8
EPSS Score
58.92%
Published
2019-05-22
Updated
2020-08-24

CVE-2019-10655

Public exploit
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd.
Max CVSS
9.8
EPSS Score
92.78%
Published
2019-03-30
Updated
2022-04-18

CVE-2018-15133

Known exploited
Public exploit
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
Max CVSS
8.1
EPSS Score
62.42%
Published
2018-08-09
Updated
2024-01-17
CISA KEV Added
2024-01-16

CVE-2018-8718

Public exploit
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.
Max CVSS
8.0
EPSS Score
0.76%
Published
2018-03-27
Updated
2019-03-04

CVE-2017-1000499

Public exploit
phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.
Max CVSS
8.8
EPSS Score
74.35%
Published
2018-01-03
Updated
2019-04-30

CVE-2017-1000479

Public exploit
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not vulnerable since version 16.1.16 released on June 06, 2016. The unprotected web form was removed from the code during an internal security audit under "possibly insecure" suspicions.
Max CVSS
8.8
EPSS Score
1.15%
Published
2018-01-03
Updated
2019-05-30

CVE-2017-16244

Public exploit
Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's account. The attack bypasses a protection mechanism involving X-CSRF headers and CSRF tokens via a certain _handler postback variable.
Max CVSS
8.8
EPSS Score
0.20%
Published
2017-11-01
Updated
2020-08-03

CVE-2017-9757

Public exploit
IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF.
Max CVSS
8.8
EPSS Score
74.13%
Published
2017-06-19
Updated
2019-10-03

CVE-2016-6897

Public exploit
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896.
Max CVSS
6.5
EPSS Score
0.33%
Published
2017-01-18
Updated
2017-09-03

CVE-2016-6277

Known exploited
Public exploit
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
Max CVSS
9.3
EPSS Score
97.47%
Published
2016-12-14
Updated
2017-08-16
CISA KEV Added
2022-03-07

CVE-2016-4808

Public exploit
Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the installed application just by sending a URL to victim.
Max CVSS
8.8
EPSS Score
0.44%
Published
2017-01-11
Updated
2017-01-19

CVE-2015-4624

Public exploit
Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.
Max CVSS
7.5
EPSS Score
14.59%
Published
2017-03-31
Updated
2018-10-09

CVE-2014-100005

Public exploit
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.
Max CVSS
6.8
EPSS Score
42.13%
Published
2015-01-13
Updated
2023-11-08

CVE-2014-4671

Public exploit
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.
Max CVSS
4.3
EPSS Score
1.53%
Published
2014-07-09
Updated
2015-09-22

CVE-2013-5696

Public exploit
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.
Max CVSS
6.8
EPSS Score
61.10%
Published
2013-09-23
Updated
2013-09-23

CVE-2013-3568

Public exploit
Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
Max CVSS
8.8
EPSS Score
97.37%
Published
2020-02-06
Updated
2020-02-12

CVE-2011-4642

Public exploit
mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as demonstrated by a cross-site request forgery (CSRF) attack, aka SPL-45172.
Max CVSS
4.6
EPSS Score
1.65%
Published
2012-01-03
Updated
2012-11-06

CVE-2009-2936

Public exploit
The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless.
Max CVSS
7.5
EPSS Score
51.79%
Published
2010-04-05
Updated
2024-03-21

CVE-2007-4387

Public exploit
Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators.
Max CVSS
4.3
EPSS Score
33.47%
Published
2007-08-17
Updated
2018-10-15
Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Manager.This issue affects Events Manager: from n/a through 6.4.7.1.
Max CVSS
4.3
EPSS Score
N/A
Published
2024-03-28
Updated
2024-03-28
Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint allows Cross-Site Scripting (XSS).This issue affects BizPrint: from n/a through 4.5.5.
Max CVSS
7.1
EPSS Score
0.04%
Published
2024-03-27
Updated
2024-03-27
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!