Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php.
Remediation
References
Related Vulnerabilities
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-2190)
Grafana Improper Synchronization Vulnerability (CVE-2023-2801)
WordPress Plugin All-in-One WP Migration Security Bypass (2.0.4)
WordPress Plugin Booking Calendar Cross-Site Request Forgery (9.2.1)
WordPress Plugin Polo Video Gallery-Best wordpress video gallery Cross-Site Scripting (1.2)