Search results mapped to CWE-352 (1430)
[Original] Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging.
[Original] Dell EMC Isilon OneFS versions between 220.127.116.11 - 18.104.22.168, 22.214.171.124 - 126.96.36.199, and 188.8.131.52 - 184.108.40.206, versions 7.2.1.x, and version 220.127.116.11 and 18.104.22.168 are affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application.
[Original] Wampserver before 3.1.3 has CSRF in add_vhost.php.
[Original] Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI.
[Original] Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters.
[Original] A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 22.214.171.124 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system.