Vulnerability Category - 跨站请求伪造 - CSRF - Seebug Vulnerability Platform

Vulnerability Category — CSRF

Chinese name:: 跨站请求伪造

CVE ID：: 352

Detail：: 跨站请求伪造（Cross-site request forgery），也被称为one-click attack或者session riding，通常缩写为CSRF或者XSRF，是一种挟制用户在当前已登录的Web应用程序上执行非本意的操作的攻击方法。

Related Vulnerabilities

SSV ID	Submit Time	Level	Name	Status	Popularity \| Comments
SSV-62168	2014-04-15		Kloxo-MR跨站请求伪造漏洞		1262 \| 0
SSV-62078	2014-04-08		ICOMM 610 Wireless Modem跨站请求伪造漏洞		841 \| 0
SSV-62081	2014-04-08		MediaWiki 'Special:ChangePassword'跨站请求伪造漏洞		1642 \| 0
SSV-62050	2014-04-03		oVirt跨站请求伪造漏洞		603 \| 0
SSV-62042	2014-04-02		WordPress GD Star Rating插件跨站请求伪造漏洞		829 \| 0
SSV-62038	2014-04-02		WordPress Disable Comments插件跨站请求伪造漏洞		566 \| 0
SSV-62018	2014-04-01		WordPress HTML Sitemap插件'inc/AdminPage.php'跨站请求伪造漏洞		956 \| 0
SSV-61960	2014-03-27		Check_MK跨站请求伪造漏洞(CVE-2014-2330)		1372 \| 0
SSV-61963	2014-03-27		Cacti跨站请求伪造漏洞		1457 \| 0
SSV-61953	2014-03-27		IBM Lotus Protector for Mail Security跨站请求伪造漏洞		757 \| 0
SSV-61943	2014-03-26		D-Link DIR-600L跨站请求伪造漏洞		1685 \| 0
SSV-61909	2014-03-25		Ubee EVW3200跨站请求伪造漏洞		632 \| 0
SSV-61919	2014-03-25		IBM Cognos Express跨站请求伪造漏洞		515 \| 0
SSV-61875	2014-03-20		WordPress User Domain Whitelist插件跨站请求伪造漏洞		759 \| 0
SSV-61879	2014-03-20		osCmax跨站请求伪造漏洞		643 \| 0
SSV-61845	2014-03-19		WordPress Subscribe To Comments Reloaded插件跨站请求伪造漏洞		848 \| 0
SSV-61846	2014-03-19		Savsoft Quiz跨站请求伪造漏洞		618 \| 0
SSV-61853	2014-03-19		WordPress XCloner插件跨站请求伪造漏洞		802 \| 0
SSV-61793	2014-03-14		LuxCal Web Calendar跨站请求伪造漏洞		616 \| 0
SSV-61795	2014-03-14		WordPress LayerSlider插件跨站请求伪造漏洞		841 \| 0
SSV-61738	2014-03-11		D-Link DSL-2640U跨站请求伪造漏洞		1450 \| 0
SSV-61737	2014-03-11		D-Link DIR-600跨站请求伪造漏洞		1410 \| 0
SSV-61728	2014-03-11		Huawei E355信息泄漏和跨站请求伪造漏洞		1227 \| 0
SSV-61719	2014-03-11		Serena Dimensions CM跨站请求伪造漏洞		1008 \| 0
SSV-61729	2014-03-11		HostBill Email Templates Configuration Page跨站请求伪造漏洞		796 \| 0
SSV-61656	2014-03-05		WordPress Google Analytics MU插件跨站请求伪造漏洞		884 \| 0
SSV-61638	2014-03-04		WordPress MP3-jPlayer插件跨站请求伪造漏洞		955 \| 0
SSV-61624	2014-03-03		Drupal Content Lock模块跨站请求伪造漏洞		1334 \| 0
SSV-61601	2014-02-28		Piwigo 'ws.php'跨站请求伪造漏洞		1248 \| 0
SSV-61535	2014-02-24		Subrion CMS 3.1.1跨站请求伪造漏洞		867 \| 0
SSV-61434	2014-02-12		D-Link DSL-2750B ADSL Router跨站请求伪造漏洞		1594 \| 0
SSV-61388	2014-02-07		LinPHA 1.3.4多个漏洞		1581 \| 0
SSV-61352	2014-01-20		Built2Go PHP Shopping跨站请求伪造漏洞		1551 \| 0
SSV-61336	2014-01-16		Auto Classifieds Script 2.0添加管理员CSRF漏洞		1616 \| 0
SSV-61331	2014-01-16		PHPJabbers Property Listing Script 2.0添加管理员CSRF漏洞		1500 \| 0
SSV-61312	2014-01-10		EZGenerator跨站请求伪造漏洞		1207 \| 0
SSV-61291	2014-01-07		Technicolor TC7200多个跨站请求伪造漏洞		1568 \| 0
SSV-61289	2014-01-06		Seagate BlackArmor NAS sg2000-2000.1331跨站请求伪造漏洞		1603 \| 0
SSV-61283	2014-01-06		WordPress Custom Website Data插件跨站请求伪造漏洞		755 \| 0
SSV-61238	2013-12-30		JForum login.page adminUsers模块iyonghu权限跨站请求伪造漏洞		1357 \| 0
SSV-61228	2013-12-27		Wordpress AskApache Firefox Adsense插件跨站请求伪造漏洞		947 \| 0
SSV-61187	2013-12-18		Cisco WebEx Training Center跨站请求伪造漏洞		1220 \| 0
SSV-61163	2013-12-17		D-Link DAP-2553跨站脚本和请求伪造漏洞		1513 \| 0
SSV-61168	2013-12-17		Cisco EPC3925跨站请求伪造漏洞		1144 \| 1
SSV-61145	2013-12-17		IBM Cognos Command Center跨站请求伪造漏洞		990 \| 0
SSV-61112	2013-12-16		Apache Tomcat 5.5.25跨站请求伪造漏洞		1739 \| 0
SSV-61088	2013-12-12		PlaySMS SMS Gateway跨站请求伪造漏		1000 \| 0
SSV-60950	2013-08-11		WordPress Xhanch - My Twitter插件跨站请求伪造漏洞(CVE-2013-3253)		669 \| 0
SSV-60842	2013-06-11		WordPress Content Slide插件跨站请求伪造漏洞		852 \| 0
SSV-62313	2013-03-13		flash crossdomain.xml 跨站请求伪造		2120 \| 0
SSV-60497	2012-12-07		Apache Tomcat 跨站请求伪造漏洞		1510 \| 0
SSV-60414	2012-10-08		Drupal Password Policy模块跨站请求伪造和跨站脚本执行漏洞		1030 \| 0
SSV-62295	2012-09-13		PHPCMS V9.17 phpcms/modules/wap/index.php SQL注入漏洞		1352 \| 0
SSV-60365	2012-09-04		MediaWiki 1.x 跨站请求伪造漏洞		1253 \| 0
SSV-60357	2012-09-04		Apache Group Struts 2.x跨站请求伪造和拒绝服务漏洞		1086 \| 0
SSV-60087	2012-05-02		WordPress Anti-CSRF令牌安全绕过漏洞		720 \| 0
SSV-30213	2012-03-23		Drupal Wishlist Module 6.x / 7.x XSS / CSRF		1431 \| 0
SSV-30169	2012-03-05		Drupal CMS version 7.12 suffers from multiple cross site request forgery vulnerabilities		1460 \| 0
SSV-30168	2012-03-03		Endian UTM Firewall v2.4.x & v2.5.0 多个Web安全漏洞		653 \| 0
SSV-30106	2012-02-13		Kloxo LxCenter CP v6.1.10 - Multiple Web Vulnerabilities		1584 \| 0
SSV-30105	2012-02-13		Bugzilla jsonrpc.cgi 跨站请求伪造漏洞		1181 \| 0
SSV-30103	2012-02-13		Zen Cart 'path_to_admin/product.php'跨站请求伪造漏洞		1475 \| 0
SSV-30044	2012-01-24		DirectAdmin ADD Sub Domain CSRF Exploit		1673 \| 0
SSV-26134	2011-12-30		Bugzilla XSS / XSRF / Unauthorized Account Creation		1444 \| 0
SSV-26012	2011-12-05		JBoss Application Server跨站请求伪造漏洞		1382 \| 0
SSV-20916	2011-08-29		cPanel < 11.30.2 Multiple CSRF Vulnerabilities		1683 \| 0
SSV-20765	2011-07-26		phpBB AJAX Chat/Shoutbox MOD CSRF Vulnerability		1895 \| 0
SSV-20709	2011-07-07		Joomla 1.6.3 CSRF Exploit		1372 \| 0
SSV-20625	2011-06-16		IBM WebSphere Application Server 7.0.0.13 CSRF Vulnerability		1078 \| 0
SSV-20158	2010-10-12		shopxp html版2.0 CSRF漏洞		1652 \| 0
SSV-19888	2010-06-30		bbPress v1.0.2 Cross-Site Request Forgery		893 \| 0
SSV-19864	2010-06-26		Allomani Songs & Clips Script v2.7.0 - [CSRF] Add Admin Account		836 \| 0
SSV-19837	2010-06-23		PHPWCMS Cross-Site Request Forgery Vulnerability		1484 \| 0
SSV-19818	2010-06-18		Planet 1.1 - [CSRF] Add Admin Account		811 \| 0
SSV-19740	2010-06-04		Sun Solaris 10 ftpd Cross-site request forgery		1280 \| 0
SSV-19448	2010-04-14		Pulse CMS view.php页面跨站请求伪造漏洞		734 \| 0
SSV-19382	2010-04-02		CMS Made Simple 1.7 CSRF Vulnerability		1188 \| 0
SSV-19301	2010-03-20		Multi CSRF vulnerability in DirectAdmin (1.34.4)		1574 \| 0
SSV-19165	2010-02-22		cPanel Multiple CSRF Vulnerabilities		1568 \| 0
SSV-18859	2009-12-30		Wing FTP Server v3.2.4 CSRF Vulnerability		1169 \| 0
SSV-88028	2009-12-25		phpwind 6.0&6.3&7.0 CSRF漏洞		1344 \| 0
SSV-88029	2009-12-25		Discuz! 6.0.0&6.1.0&7.0.0 CSRF漏洞		712 \| 0
SSV-87655	2009-12-21		phpMyAdmin 2.9.1 rc1及之前版本存在多个CSRF漏洞		1427 \| 0
SSV-87639	2009-12-21		WebSphere 7.0.0.7 安全组件的控制台CSRF漏洞		652 \| 0
SSV-18579	2009-12-17		Jobscript4Web 3.5 Multiple CSRF Vulnerability		823 \| 0
SSV-18580	2009-12-17		Matrimony Script CSRF Vulnerability		809 \| 0
SSV-18531	2009-12-15		iGaming CMS v1.5 CSRF Vulnerability		885 \| 0
SSV-15087	2009-12-15		oBlog Persistant XSS, CSRF, Admin Bruteforce		803 \| 0
SSV-18530	2009-12-15		DubSite CMS v1.0 CSRF Vulnerability		815 \| 0
SSV-18522	2009-12-15		Ez News Manager / Pro CSRF Change Admin Password		905 \| 0
SSV-18517	2009-12-14		Traidnt Discovery - [CSRF] Create Staff Account		1017 \| 0
SSV-18509	2009-12-14		AdManagerPro CSRF Create Administrator Account		815 \| 0
SSV-18511	2009-12-14		Easy Banner Pro - [ CSRF ] Create Administrator Account		936 \| 0
SSV-18512	2009-12-14		Text Exchange Pro - [ CSRF ] Create Administrator Account		875 \| 0
SSV-18499	2009-12-14		Redmine <= 0.8.6 CSRF Add Admin User Exploit		1092 \| 0
SSV-18508	2009-12-14		Link Up Gold CSRF - Create Administrator Account		815 \| 0
SSV-18489	2009-12-13		Acc PHP eMail v1.1 - CSRF		1007 \| 0
SSV-18491	2009-12-13		Frog v0.9.5 CSRF Vulnerability		1018 \| 0
SSV-18470	2009-12-11		Chipmunk Newsletter CSRF Vulnerabilities		838 \| 0
SSV-18327	2009-11-24		Quick.Cart 3.4 and Quick.CMS 2.4 CSRF Vulnerabilities		947 \| 0