Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,349)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-19668 1Maxum 1Rumpus Ftp Jun 17, 2026 Feb 10, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 that allows an attacker to add or delete the file types that are used on the server via RAPR/TriggerServerFunction.html.
CVE-2019-19669 1Maxum 1Rumpus Ftp Jun 17, 2026 Feb 10, 2020 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html.
CVE-2019-19667 1Maxum 1Rumpus Ftp Jun 17, 2026 Feb 10, 2020 N/A· v4 5.4 MEDIUM· v3 5.8 MEDIUM· v2 A CSRF vulnerability exists in the Block Clients component of Web File Manager in Rumpus FTP 8.2.9.1 that could allow an attacker to whitelist or block any IP address via RAPR/BlockedClients.html.
CVE-2019-19666 1Maxum 1Rumpus Ftp Jun 17, 2026 Feb 10, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1. An attacker can create/update event notices via RAPR/EventNoticesSet.html.
CVE-2019-19664 1Maxum 1Rumpus Ftp Jun 17, 2026 Feb 10, 2020 N/A· v4 7.1 HIGH· v3 5.8 MEDIUM· v2 A CSRF vulnerability exists in the Web Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server Web settings at RAPR/WebSettingsGeneralSet.html.
CVE-2019-19662 1Maxum 1Rumpus Ftp Jun 17, 2026 Feb 10, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A CSRF vulnerability exists in the Web File Manager's Create/Delete Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can Create and Delete accounts via RAPR/TriggerServerFunction.html.
CVE-2013-2109 1Undolog 1Wp Cleanfix Nov 21, 2024 Feb 10, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 WordPress plugin wp-cleanfix has Remote Code Execution
CVE-2013-2108 1Undolog 1Cleanfix Nov 21, 2024 Feb 10, 2020 N/A· v4 5.4 MEDIUM· v3 4.3 MEDIUM· v2 WordPress WP Cleanfix Plugin 2.4.4 has CSRF
CVE-2019-19665 1Maxum 1Rumpus Jun 17, 2026 Feb 10, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A CSRF vulnerability exists in the FTP Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server FTP settings at RAPR/FTPSettingsSet.html.
CVE-2019-19663 1Maxum 1Rumpus Jun 17, 2026 Feb 10, 2020 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. This allows an attacker to Create/Delete Folders after exploiting it at RAPR/FolderSetsSet.html.
CVE-2019-19660 1Maxum 1Rumpus Jun 17, 2026 Feb 10, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A CSRF vulnerability exists in the Web File Manager's Network Setting functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can manipulate the SMTP setting and other network settings via RAPR/NetworkS...Show more A CSRF vulnerability exists in the Web File Manager's Network Setting functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can manipulate the SMTP setting and other network settings via RAPR/NetworkSettingsSet.html.Show less
CVE-2019-19659 1Maxum 1Rumpus Jun 17, 2026 Feb 10, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A CSRF vulnerability exists in the Web File Manager's Edit Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can take over a user account by changing the password, update users' details,...Show more A CSRF vulnerability exists in the Web File Manager's Edit Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can take over a user account by changing the password, update users' details, and escalate privileges via RAPR/DefineUsersSet.html.Show less
CVE-2019-20059 1Mfscripts 1Yetishare Jun 17, 2026 Feb 10, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 payment_manage.ajax.php and various _manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.4 directly insert values from the sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and...Show more payment_manage.ajax.php and various _manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.4 directly insert values from the sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection. NOTE: this issue exists because of an incomplete fix for CVE-2019-19732.Show less
CVE-2014-2225 1Ui 3Airvision Controller Mfi ControllerUnifi Controller Nov 21, 2024 Feb 8, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity.Show less
CVE-2011-1085 1Smoothwall 1Smoothwall Express Nov 21, 2024 Feb 7, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 CSRF vulnerability in Smoothwall Express 3.
CVE-2014-5288 1Kemptechnologies 1Load Master Nov 21, 2024 Feb 7, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages.
CVE-2013-3568 1Cisco 1Linksys Wrt110 Firmware Nov 21, 2024 Feb 6, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
CVE-2012-6297 1Dd Wrt 1Dd Wrt Nov 21, 2024 Feb 6, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 from specially crafted configuration values containing shell meta-characters, which could let a remote malicious user cause a Denial of Service.
CVE-2020-8658 1Bestwebsoft 1Htaccess Jun 17, 2026 Feb 6, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. The flag htccss_nonce_name passes the nonce to WordPress but the plugin does not valida...Show more The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. The flag htccss_nonce_name passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In this way, an attacker is able to direct the victim to a malicious web page that modifies the .htaccess file, and takes control of the website.Show less
CVE-2019-20405 1Atlassian 2Jira Data Center Jira Server Jun 17, 2026 Feb 6, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability.

Previous 1...338339340...468 Next