CVE-2023-6766

LOW Year: 2023
CVSS v3 Score
3.5
Low
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-352
View all →

Vulnerability Description

A vulnerability classified as problematic has been found in PHPGurukul Teacher Subject Allocation Management System 1.0. Affected is an unknown function of the file /admin/course.php of the component Delete Course Handler. The manipulation of the argument delid leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247896.

Related Vulnerabilities

CVE-2016-2998

LOW
CVSS:3.5(Low)

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication o...

CWE-3522016

CVE-2016-3009

LOW
CVSS:3.5(Low)

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary user...

CWE-3522016

CVE-2017-5244

LOW
CVSS:3.5(Low)

Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of th...

CWE-3522017

CVE-2020-18464

LOW
CVSS:3.5(Low)

Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in video_list.php, which can let a malicious user delete movie information.

CWE-3522020

CVE-2020-28838

LOW
CVSS:3.5(Low)

Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows attacker to add cart items via Add to cart.

CWE-3522020

CVE-2021-26071

LOW
CVSS:3.5(Low)

The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymou...

CWE-3522021