CSRF Cross-Site Request Forgery

phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc. (CVSS:0.0) (Last Update:2018-12-11)

An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is member/member_email.php?action=edit CSRF. (CVSS:0.0) (Last Update:2018-12-06)

server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team. (CVSS:0.0) (Last Update:2018-11-28)

BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account. (CVSS:0.0) (Last Update:2018-11-26)

YzmCMS v5.2 has admin/role/add.html CSRF. (CVSS:0.0) (Last Update:2018-12-10)

FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. This can also be exploited via CSRF. Alternatively, the default password of works for the freeswitch account can sometimes be used. (CVSS:0.0) (Last Update:2018-12-06)

sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account. (CVSS:0.0) (Last Update:2018-11-26)

tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password. (CVSS:0.0) (Last Update:2018-11-26)