Description
Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/_core/users/admins/create.php or (2) create a user account via a request to mods/_core/users/create_user.php.
Remediation
References
Related Vulnerabilities
MySQL CVE-2018-2586 Vulnerability (CVE-2018-2586)
Magento CVE-2019-8123 Vulnerability (CVE-2019-8123)
WordPress Plugin Broken Link Checker Cross-Site Scripting (1.11.8)
MySQL CVE-2019-2503 Vulnerability (CVE-2019-2503)
WordPress Plugin WP Insightly for Contact Form 7 and Ninja Forms Cross-Site Scripting (1.0.7)