| عنوان | SourceCodester CET Automated Grading System with AI Predictive Analytics in PHP and MySQL 1.0 Cross Site Request Forgery |
|---|
| الوصف | A cross-site request forgery vulnerability exists in SourceCodester CET Automated Grading System with AI Predictive Analytics in PHP and MySQL 1.0. The application does not use anti-CSRF tokens on sensitive state-changing endpoints such as /index.php?action=manage_subjects, /index.php?action=add_grade, and /index.php?action=manage_system. An attacker can craft a malicious HTML page that forces an authenticated administrator or faculty user to submit unauthorized POST requests. Successful exploitation may allow unauthorized subject creation, grade creation, or system data modification depending on the victim user's privileges.
CWE: CWE-352
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
|---|
| المصدر | ⚠️ https://drive.google.com/drive/folders/1Cl57WiwpucE9-wMpk51M2ZeA6tkOSRyu?usp=sharing |
|---|
| المستخدم | vaibhavnarkhede (UID 94039) |
|---|
| ارسال | 02/05/2026 01:10 PM (1 شهر منذ) |
|---|
| الاعتدال | 26/05/2026 02:53 PM (24 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 365638 [SourceCodester CET Automated Grading System with AI Predictive Analytics تزوير طلبات عبر المواقع] |
|---|
| النقاط | 20 |
|---|