Vulnerability Category — CSRF

Chinese name:
跨站请求伪造
CVE ID:
352
Detail:
跨站请求伪造(Cross-site request forgery),也被称为one-click attack或者session riding,通常缩写为CSRF或者XSRF, 是一种挟制用户在当前已登录的Web应用程序上执行非本意的操作的攻击方法。

Related Vulnerabilities

SSV ID Name
SSV-99606 F5 BIG-IP and BIG-IQ iControl CSRF漏洞(CVE-2022-41622)
SSV-98341 华为WS331a产品管理页面存在CSRF漏洞(CVE-2016-6158)
SSV-98325 pfSense Firewall CSRF漏洞(CVE-2019-16667)
SSV-97938 Jeesns CSRF Vulnerability
SSV-97737 Arcadyan ARV7519RW22-A-L T VR9 1.2 Multiple vulnerabilities
SSV-97394 RabbitMQ Web Management < 3.7.6 - Cross-Site Request Forgery (Add Admin)
SSV-97392 BEESCMS 4.0 - Cross-Site Request Forgery (Add Admin)(CVE-2018-12739)
SSV-97391 AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password)
SSV-97390 Teradek Slice 7.3.15 CSRF Change Password Exploit
SSV-97387 Teradek Cube 7.3.6 CSRF Change Password Exploit
SSV-97383 Teradek VidiU Pro 3.0.3 CSRF Change Password Exploit
SSV-97381 KYOCERA Net Admin 3.4 CSRF Add Admin Exploit
SSV-97226 Moxa EDR-810 Web Server Cross-Site Request Forgery Vulnerability(CVE-2017-12126)
SSV-97052 ZKTeco ZKBioSecurity 3.0 CSRF Add Superadmin Exploit
SSV-97041 InfraPower PPS-02-S Q213V1 Cross-Site Request Forgery
SSV-97029 Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution
SSV-96974 SonicDICOM PACS 2.3.2 CSRF Add Admin Exploit
SSV-96948 Schneider Electric Pelco Sarix/Spectra Cameras CSRF Enable SSH Root Access
SSV-96848 DALIM SOFTWARE ES Core 5.0 build 7184.1 Multiple Stored XSS And CSRF Vulnerabilities
SSV-96842 NethServer 7.3.1611 (Upload.json) CSRF Script Insertion Vulnerability
SSV-96841 NethServer 7.3.1611 (create.json) CSRF Create User And Enable SSH Access
SSV-96541 Moxa AWK-3131A Web Application Cross-Site Request Forgery Vulnerability(CVE-2016-8718)
SSV-96437 Openfire 3.6.4 Multiple CSRF Vulnerabilities
SSV-93196 ESPCMS csrf漏洞 导致任意管理员添加
SSV-93191 蝉知cms 6.2 CSRF漏洞
SSV-93063 Jenkins Multiple CSRF vulnerabilities (CVE-2017-1000356)
SSV-93051 WordPress Plugin Quiz And Survey Master (Formerly Quiz Master Next) Multiple Vulnerabilities
SSV-93050 CSRF vulnerability in Multisite Post Duplicator could allow an attacker to do almost anything an admin user can do (WordPress plugin)
SSV-93045 WordPress Plugin Nelio AB Testing Server-Side Request Forgery (SSRF)
SSV-92835 pfsense 2.3.2: CSRF
SSV-92828 Elefant CMS 1.3.12-RC CSRF
SSV-92774 D-Link DIR-816L (Wireless Router) - Cross-Site Request Forgery (CVE-2015-5999)
SSV-92625 dedeCMS 利用友情链接提权漏洞
SSV-92447 Django CSRF Bypass (CVE-2016-7401)
SSV-92325 phpcollab 任意用户创建特权升级--csrf
SSV-92288 Nagios(2.2.1) 网络监控多处 CSRF
SSV-92284 wordpress-"Add From Server"插件CSRF
SSV-92075 WordPress Lazy Content Slider 插件 CSRF漏洞
SSV-91799 MikroTik RouterOS 跨站请求伪造漏洞
SSV-91678 pfSense Firewall <= 2.2.6 - Services CSRF
SSV-91668 Hikvision Digital Video Recorder - Cross-Site Request Forgery
SSV-91666 WPN-XM Serverstack 0.8.6 - Cross Site Request Forgery
SSV-91642 MOBOTIX Video Security Cameras - CSRF Add Admin Exploit
SSV-91596 Phpwind GET型CSRF任意代码执行 漏洞
SSV-91427 Trend Micro Deep Discovery Inspector 3.8, 3.7 - CSRF Vulnerabilities
SSV-91393 Hikvision Digital Video Recorder CSRF 漏洞
SSV-91320 Dating Pro Genie 2015.7 - CSRF Vulnerabilities
SSV-91319 iTop 2.2.1 - CSRF Vulnerability
SSV-91312 Xoops 2.5.7.2 - Arbitrary User Deletions CSRF
SSV-91291 Tipask 2.5 setting.php 存在CSRF漏洞 (结合xss可getshell)
SSV-91290 emlog 5.3.1 store.php CSRF漏洞
SSV-91277 Cmseasy多处CSRF
SSV-91245 TaoCMS v2.5Beta5 存在CSRF漏洞可getshell
SSV-91008 phpMyBackupPro 2.5 - 远程代码执行/CSRF
SSV-90997 Schneider Electric Conext ComBox Ver02.01BN0673 POST类 CSRF
SSV-90849 XZERES 442SR Wind Turbine CSRF漏洞
SSV-90834 pfSense <= 2.2.5 - Config File CSRF漏洞
SSV-90815 Ubiquiti Networks UniFi 3.2.10 - CSRF Vulnerability
SSV-90739 zcms 2.x 后台投稿处 存储型XSS和CSRF漏洞
SSV-90694 destoon v6版 admin.php csrf 漏洞
SSV-90567 PHPCMS后台CSRF
SSV-90160 Belkin N150 Wireless Home Router跨站请求伪造漏洞
SSV-90026 Elasticsearch Kibana跨站请求伪造漏洞
SSV-89956 Cisco TelePresence Video Communication Server跨站请求伪造漏洞
SSV-89954 多款Arris设备跨站请求伪造漏洞
SSV-89897 Cisco Firepower 9000 Series Switches点击劫持漏洞
SSV-89895 HP Operations Orchestration跨站请求伪造漏洞
SSV-89879 TestLink跨站请求伪造漏洞
SSV-89868 Horde Groupware 5.2.10 - CSRF 漏洞
SSV-89864 Horde Groupware跨站请求伪造漏洞
SSV-89812 Oxwall跨站请求伪造漏洞
SSV-89811 Red Hat Enterprise Application Platform跨站请求伪造漏洞
SSV-89810 Infinite Automation Mango Automation跨站请求伪造漏洞
SSV-89754 IBM Security QRadar Incident Forensics跨站请求伪造漏洞
SSV-89746 TYPO3 Typo3 Quixplorer扩展跨站请求伪造漏洞
SSV-89670 X2Engine 4.2 任意文件上传/ CSRF漏洞
SSV-89518 ZeusCart 4.0 - CSRF 漏洞
SSV-89498 Nibbleblog 4.0.3 admin.php CSRF
SSV-89492 Siemens SIMATIC S7-1200固件版本低于4.1.3的设备跨站伪造请求(CSRF)漏洞
SSV-89456 GeniXCMS 0.0.1 /index.php CSRF漏洞
SSV-89426 Yahoo Bug Bounty #32 - Cross Site Request Forgery bulkImport Web Vulnerability
SSV-89342 D-Link DIR-600 跨站请求伪造漏洞
SSV-89341 Watu PRO 4.8.8.4 - CSRF
SSV-89267 Pligg CMS 2.0.2 CSRF漏洞
SSV-87405 Who's Who Script - CSRF Exploit (Add Admin Account)
SSV-87355 Tenda A32 Router - CSRF Vulnerability
SSV-87385 Change CMS 3.6.8 - Multiple CSRF Vulnerabilities
SSV-87299 RBS Change Complet Open Source 3.6.8 - CSRF Vulnerability
SSV-87291 OpenFiler 2.99.1 - CSRF Vulnerability
SSV-87283 M/Monit 3.3.2 - CSRF Vulnerability
SSV-87241 Wordpress Bulk Delete Users by Email Plugin 1.0 - CSRF
SSV-87248 IP Board 3.x - CSRF Token hjiacking
SSV-87259 CacheGuard-OS 5.7.7 - CSRF Vulnerability
SSV-87205 Innovaphone PBX Admin-GUI - CSRF Vulnerability
SSV-87169 SkaDate Lite 2.0 - Multiple CSRF And Persistent XSS Vulnerabilities
SSV-87170 Dlink DWR-113 Rev. Ax - CSRF Denial of Service
SSV-87165 Ubiquiti UbiFi / mFi / AirVision - CSRF Vulnerability
SSV-87164 Oxwall 1.7.0 - Multiple CSRF And HTML Injection Vulnerabilities
SSV-82209 Asus RT-N66U 3.0.0.4.374_720 - CSRF Vulnerability
SSV-62204 XCloner Standalone跨站请求伪造漏洞
京ICP备10040895号 京公网安备 11010502034610号 Copyright @ 404 Team from Knownsec. 简体中文