Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2023-27709: DedeCMS V5.7.160 Backend Blind SQL Injection

SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint.

CVE
#sql#csrf#vulnerability#web#mac#apple#intel#php#chrome#webkit
CVE-2023-27707: DedeCMS V5.7.160 Backend Blind SQL Injection

SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint.

Ubuntu Security Notice USN-5953-1

Ubuntu Security Notice 5953-1 - It was discovered that IPython incorrectly processed REST API POST requests. An attacker could possibly use this issue to launch a cross-site request forgery attack and leak user's sensitive information. This issue only affected Ubuntu 14.04 ESM. It was discovered that IPython did not properly manage cross user temporary files. A local attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM.

CVE-2023-25708: WordPress WP VR 360 Panorama and Virtual Tour Builder plugin <= 8.2.7 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP VR – 360 Panorama and Virtual Tour Builder For WordPress plugin <= 8.2.7 versions.

CVE-2022-47427: WordPress My Calendar plugin <= 3.3.24.1 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.3.24.1 versions.

CVE-2023-25968: WordPress Client Portal plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Madalin Ungureanu, Antohe Cristian Client Portal – Private user pages and login plugin <= 1.1.8 versions.

CVE-2023-25709: WordPress Locatoraid Store Locator plugin <= 3.9.11 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.11 versions.

CVE-2023-27235: jizhicms v2.4.5 has a file upload vulnerability and a CSRF vulnerability · Issue #85 · Cherry-toto/jizhicms

An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file.

CVE-2023-27073: Online Food Ordering System Project in PHP | Projectworlds

A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1.0 allows attackers to change user details and credentials via a crafted POST request.