Search results mapped to CWE-352 (1430)

CVE-2018-6874 (Published: 2018-04-04 13:29:01) NM
CVSS 6.8

[Original] CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled.

CVE-2018-8814 (Published: 2018-04-04 11:29:00) NMP
CVSS 5.8

[Original] Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.1 allows remote attackers to hijack the authentication of users for requests that modify plugin/[pluginname]/settings by crafting a malicious request.

CVE-2017-3965 (Published: 2018-04-04 09:29:00) NM
CVSS 6.8

[Original] Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs.

CVE-2018-1098 (Published: 2018-04-03 12:29:00) NMPS
CVSS 6.8

[Original] A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send.

CVE-2018-8893 (Published: 2018-03-31 18:29:00) NM
CVSS 6.8

[Original] Z-BlogPHP 1.5.1 Zero has CSRF in plugin_edit.php, resulting in the ability to execute arbitrary PHP code.

CVE-2018-8908 (Published: 2018-03-31 18:29:00) NMP
CVSS 6.8

[Original] An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens due to lack of an anti-CSRF token in state modification requests.
