HIGH🇵🇱 Wersja polska

CVE-2025-63712

CVSS 8.8v3.1pub. 2025-11-10upd. 2025-11-18

Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Management System. The User Management module (delete-user.php) allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF protection.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Senior Walter Web Based Pharmacy Product Management System

    APP
    Senior-Walter
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-30573HIGH7.5ten sam produkt

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerabil...

CVE-2026-30576HIGH7.5ten sam produkt

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stoc...

CVE-2026-30575HIGH7.5ten sam produkt

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stoc...

CVE-2026-30574HIGH7.5ten sam produkt

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-sale...

CVE-2025-56274HIGH8.1ten sam produkt

SourceCodester Web-based Pharmacy Product Management System 1.0 is vulnerable to Incorrect Access Control, whi...