← Back
CWE-352

9,314 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

JSON object

Loading...

CVEs (9,314)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-9598
1Chshcms
1Cscms
Jun 17, 2026
Mar 7, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds.
CVE-2019-8437
1Njiandan Cms Project
1Njiandan Cms
Jun 17, 2026
Mar 7, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
njiandan-cms through 2013-05-23 has index.php/admin/user_new CSRF to add an administrator.
CVE-2019-6710
1Zyxel
1Nbg 418n Firmware
Jun 17, 2026
Mar 7, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF.
CVE-2018-18449
1Phome
1Empirecms
Nov 21, 2024
Mar 7, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339.
CVE-2018-17429
1Jtbc
1Jtbc
Nov 21, 2024
Mar 7, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
/console/account/manage.php?type=action&action=add in JTBC v3.0(C) has CSRF for adding an administrator account.
CVE-2019-9625
1Directadmin
1Directadmin
Jun 17, 2026
Mar 7, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to create a new admin account.
CVE-2019-9603
11234n
1Minicms
Jun 17, 2026
Mar 6, 2019
N/A· v4
6.5 MEDIUM· v3
5.8 MEDIUM· v2
MiniCMS 1.10 allows mc-admin/post.php?state=publish&delete= CSRF to delete articles, a different vulnerability than CVE-2018-18891.
CVE-2019-6561
1Moxa
4Eds 405a Firmware
Eds 408a FirmwareEds 510a Firmware+1 more
Jun 17, 2026
Mar 5, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device.
CVE-2019-9549
1Popojicms
1Popojicms
Jun 17, 2026
Mar 3, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=user&act=addnew URI, as demonstrated by adding a level=1 account, a similar issue to CVE-2018-18935.
CVE-2019-9182
1Zzzcms
1Zzzphp
Jun 17, 2026
Feb 26, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the filetext parameter.
CVE-2019-9062
1Phpscriptsmall
1Online Food Ordering Script
Jun 17, 2026
Feb 23, 2019
N/A· v4
8.0 HIGH· v3
6.0 MEDIUM· v2
PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site Request Forgery (CSRF) in my-account.php.
CVE-2019-9052
1Pluck Cms
1Pluck
Jun 17, 2026
Feb 23, 2019
N/A· v4
6.5 MEDIUM· v3
5.8 MEDIUM· v2
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete pictures via a /admin.php?action=deleteimage&var1= URI.
CVE-2019-9051
1Pluck Cms
1Pluck
Jun 17, 2026
Feb 23, 2019
N/A· v4
6.5 MEDIUM· v3
5.8 MEDIUM· v2
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles via a /admin.php?action=deletepage&var1= URI.
CVE-2019-9049
1Pluck Cms
1Pluck
Jun 17, 2026
Feb 23, 2019
N/A· v4
6.5 MEDIUM· v3
5.8 MEDIUM· v2
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules via a /admin.php?action=module_delete&var1= URI.
CVE-2019-9048
1Pluck Cms
1Pluck
Jun 17, 2026
Feb 23, 2019
N/A· v4
6.5 MEDIUM· v3
5.8 MEDIUM· v2
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete a theme (aka topic) via a /admin.php?action=theme_delete&var1= URI.
CVE-2019-9040
1S Cms
1S Cms
Jun 17, 2026
Feb 23, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332.
CVE-2019-8910
1Wtcms Project
1Wtcms
Jun 17, 2026
Feb 18, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF.
CVE-2019-8902
1Idreamsoft
1Icms
Jun 17, 2026
Feb 18, 2019
N/A· v4
5.7 MEDIUM· v3
4.9 MEDIUM· v2
An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI.
CVE-2019-0267
1Sap
1Manufacturing Integration And Intelligence
Jun 17, 2026
Feb 15, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Ser...Show more
SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application.Show less
CVE-2019-8347
1Beescms
1Beescms
Jun 17, 2026
Feb 15, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via the admin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=user URI.