映射到 CWE-352 的搜索结果 (1407)

CVE-2014-2550(发布:2018-03-19 17:29:00)NM
CVSS6.8

[原文]Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disable_comments_settings page to wp-admin/options-general.php.

CVE-2014-2675(发布:2018-03-19 17:29:00)NM
CVSS5.8

[原文]Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php in the WP HTML Sitemap plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete the sitemap via a request to the wp-html-sitemap page in wp-admin/options-general.php.

CVE-2014-4613(发布:2018-03-16 13:29:00)NM
CVSS4.3

[原文]Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php.

CVE-2018-6224(发布:2018-03-15 15:29:00)NMS
CVSS6.8

[原文]A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an attacker-controlled domain.

CVE-2018-8717(发布:2018-03-14 21:29:04)NM
CVSS6.8

[原文]joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/admin_ajax.php?action=save&tab={pre}manager request.

CVE-2018-7701(发布:2018-03-14 21:29:03)NMP
CVSS5.8

[原文]Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete e-mail messages via a delete action in a request to secmail/getmessage.exe or (2) spoof arbitrary users and reply to their messages via a request to secserver/securectrl.exe.

首页上一页23456789下一页尾页 第4页 / 共235页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站