A CSRF vulnerability exists in GeoVision GV-ASManager web application version 6.1.1.0 or earlier, enabling attackers to create Admin accounts via a crafted GET request. This exploit is often combined with CVE-2024-56903 for a successful CSRF attack.
The PZ Frontend Manager WordPress Plugin version 1.0.5 and below is vulnerable to Cross Site Request Forgery (CSRF) attacks due to lack of CSRF checks in certain areas. This could allow malicious actors to manipulate logged in users into executing unintended actions.
The ABB Cylon Aspect 3.08.02 allows attackers to perform unauthorized actions with administrative privileges by sending malicious HTTP requests to the userManagement.php script. This vulnerability exists due to the lack of proper validation checks on incoming requests, enabling attackers to exploit the system through a logged-in user visiting a malicious website.
A CSRF vulnerability is found in the ABB Cylon FLXeon series. Exploitation is restricted due to the server's CORS configuration, which lacks Access-Control-Allow-Credentials. The exploit conditions include hosting the malicious page on the same domain, Man-in-the-Middle attacks, LAN access, subdomain hosting, and misconfigured CORS policies.
GestioIP v3.5.7 is vulnerable to CSRF attacks due to multiple endpoints. An attacker can trick an authenticated admin to visit a malicious URL, leading to unauthorized actions such as data modification, deletion, or exfiltration.
Blood Bank & Donor Management System version 2.4 is vulnerable to CSRF attacks due to the lack of CSRF tokens for essential functions like logout. By creating a malicious iframe with the logout URL, an attacker can deceive a user into clicking it, resulting in the user being logged out without their knowledge.
The exploit allows an attacker to perform Cross Site Request Forgery (CSRF) on flatCore version 1.5. By tricking an authenticated user into visiting a malicious website, the attacker can upload files to the server due to lack of proper CSRF protection. This vulnerability has been assigned CVE-2019-13961.
Casdoor version 1.901.0 and below has a Cross-Site Request Forgery (CSRF) vulnerability in the /api/set-password endpoint. This vulnerability allows attackers to change a victim user's password through a maliciously crafted URL.
Casdoor version 1.331.0 and below is vulnerable to a CSRF attack in the '/api/set-password' endpoint. This allows an attacker to change a victim user's password by sending a specially crafted URL.
The TEM Opera Plus FM Family Transmitter 35.45 devices are vulnerable to Cross-Site Request Forgery (CSRF) attacks due to lack of proper validation of HTTP requests. An attacker can exploit this vulnerability to perform malicious actions with administrative privileges if a logged-in user visits a specially crafted website. This can lead to unauthorized changes in transmitter settings, such as forward power, frequency, and user credentials.
Services By CQR