
Tag: #csrf

101news By Mayuri K 1.0 SQL Injection

101news By Mayuri K version 1.0 suffers from multiple remote SQL injection vulnerabilities.

Packet Storm
CVE-2022-42950: Couchbase Alerts

An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service.

CVE-2022-24895: [Security/Http] Remove CSRF tokens from storage on successful login · symfony/security-bundle@076fd20

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users, Symfony by default regenerates the session ID upon login but preserves the rest of the session attributes. Because this does not clear CSRF tokens upon login, it might enable same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to session fixation. This issue has been fixed in the 4.4 branch.

CVE-2021-36570: FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability · Issue #579 · daylightstudio/FUEL-CMS

Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---.

CVE-2021-36569: FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability · Issue #578 · daylightstudio/FUEL-CMS

Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2.

CVE-2021-36443: CSRF vulnerability in imcat v5.4 · Issue #9 · peacexie/imcat

Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privileges via a lack of token verification.

CVE-2021-36426: Arbitrary file upload vulnerability · Issue #312 · slackero/phpwcms

File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via a crafted file upload to include/inc_lib/general.inc.php.

CVE-2021-36425: Arbitrary file deletion vulnerability · Issue #311 · slackero/phpwcms

Directory traversal vulnerability in phpwcms 1.9.25 allows remote attackers to delete arbitrary files via the unfiltered $file parameter passed to the unlink method in the include/inc_act/act_ftptakeover.php file.