joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.