Total
5841 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6766 | 1 Phpgurukul | 1 Teacher Subject Allocation Management System | 2024-05-17 | 5.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic has been found in PHPGurukul Teacher Subject Allocation Management System 1.0. Affected is an unknown function of the file /admin/course.php of the component Delete Course Handler. The manipulation of the argument delid leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247896. | |||||
| CVE-2023-6653 | 1 Phpgurukul | 1 Teacher Subject Allocation Management System | 2024-05-17 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/subject.php of the component Create a new Subject. The manipulation of the argument cid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247346 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-6474 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2024-05-17 | 5.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file manage-phlebotomist.php. The manipulation of the argument pid leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246640. | |||||
| CVE-2023-4869 | 1 Contact Manager App Project | 1 Contact Manager App | 2024-05-17 | 5.0 MEDIUM | 8.8 HIGH |
| A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file update.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-239354 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-4868 | 1 Contact Manager App Project | 1 Contact Manager App | 2024-05-17 | 5.0 MEDIUM | 8.8 HIGH |
| A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239353 was assigned to this vulnerability. | |||||
| CVE-2023-4837 | 1 Smod | 1 Smodbip | 2024-05-17 | N/A | 8.8 HIGH |
| SmodBIP is vulnerable to Cross-Site Request Forgery, that could be used to induce logged in users to perform unintended actions, including creation of additional accounts with administrative privileges. This issue affects all versions of SmodBIP. SmodBIP is no longer maintained and the vulnerability will not be fixed. | |||||
| CVE-2023-3841 | 1 Nxfilter | 1 Nxfilter | 2024-05-17 | 5.0 MEDIUM | 8.8 HIGH |
| A vulnerability has been found in NxFilter 4.3.2.5 and classified as problematic. This vulnerability affects unknown code of the file user.jsp. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235192. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3579 | 1 Hadsky | 1 Hadsky | 2024-05-17 | 5.0 MEDIUM | 8.8 HIGH |
| A vulnerability, which was classified as problematic, has been found in HadSky 7.11.8. Affected by this issue is some unknown functionality of the component User Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-233372. | |||||
| CVE-2023-3029 | 1 Pythagorean Oa Office System Project | 1 Pythagorean Oa Office System | 2024-05-17 | 5.0 MEDIUM | 8.8 HIGH |
| A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. This vulnerability affects unknown code of the file /note/index/delete. The manipulation of the argument id leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230458 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-39446 | 1 Socomec | 2 Modulys Gp, Modulys Gp Firmware | 2024-05-17 | N/A | 8.8 HIGH |
| Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and originate malicious actions when a legitimate user is logged into the web application. | |||||
| CVE-2023-2474 | 1 Getrebuild | 1 Rebuild | 2024-05-17 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in Rebuild 3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-227866 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-22375 | 1 Planex | 2 Cs-wmv02g, Cs-wmv02g Firmware | 2024-05-17 | N/A | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user to view a malicious page. NOTE: This vulnerability only affects products that are no longer supported by the developer. | |||||
| CVE-2023-1937 | 1 My-blog Project | 1 My-blog | 2024-05-17 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Affected is an unknown function of the file /admin/configurations/userInfo. The manipulation of the argument yourAvatar/yourName/yourEmail leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-225264. | |||||
| CVE-2023-0999 | 1 Sales Tracker Management System Project | 1 Sales Tracker Management System | 2024-05-17 | 5.0 MEDIUM | 8.8 HIGH |
| A vulnerability classified as problematic was found in SourceCodester Sales Tracker Management System 1.0. This vulnerability affects unknown code of the file admin/?page=user/list. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221734 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-0988 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2024-05-17 | 5.0 MEDIUM | 8.8 HIGH |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Online Pizza Ordering System 1.0. This issue affects some unknown processing of the file admin/ajax.php?action=save_user. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221681 was assigned to this vulnerability. | |||||
| CVE-2023-0674 | 1 Xuxueli | 1 Xxl-job | 2024-05-17 | 5.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220196. | |||||
| CVE-2022-4944 | 1 Kodcloud | 1 Kodexplorer | 2024-05-17 | 5.0 MEDIUM | 8.8 HIGH |
| A vulnerability, which was classified as problematic, has been found in kalcaddle KodExplorer up to 4.49. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.50 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227000. | |||||
| CVE-2022-4766 | 1 Dolibarr Project Timesheet Project | 1 Dolibarr Project Timesheet | 2024-05-17 | N/A | 6.5 MEDIUM |
| A vulnerability was found in dolibarr_project_timesheet up to 4.5.5. It has been declared as problematic. This vulnerability affects unknown code of the component Form Handler. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. Upgrading to version 4.5.6.a is able to address this issue. The name of the patch is 082282e9dab43963e6c8f03cfaddd7921de377f4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216880. | |||||
| CVE-2022-4633 | 1 Auto Upload Images Project | 1 Auto Upload Images | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability was found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file src/setting-page.php of the component Settings Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 3.3.1 is able to address this issue. The name of the patch is 895770ee93887ec78429c78ffdfb865bee6f9436. It is recommended to upgrade the affected component. VDB-216482 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4604 | 1 Wp-english-wp-admin Project | 1 Wp-english-wp-admin | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability classified as problematic was found in wp-english-wp-admin Plugin up to 1.5.1. Affected by this vulnerability is the function register_endpoints of the file english-wp-admin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.5.2 is able to address this issue. The name of the patch is ad4ba171c974c65c3456e7c6228f59f40783b33d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216199. | |||||