| Title | Fabian Ros Simple E-Banking System In PHP With Source Code October 11, 2025 Cross-Site Request Forgery |
|---|---|
| Description | A Cross-Site Request Forgery (CSRF) vulnerability exists in the Simple E-Banking System by Fabian Ros (version uploaded on October 11, 2025, and potentially earlier versions). The application's withdrawal function, handled by the `/minus.php` script, lacks validation mechanisms like Anti-CSRF tokens. This flaw allows a remote attacker to force an authenticated user to perform unauthorized financial transactions, resulting in arbitrary amounts being withdrawn from the victim's account without their consent. The vulnerability leads to a direct loss of funds. |
| Source | https://github.com/i4G5d/CRITICAL-SECURITY-VULNERABILITY-REPORT-CSRF-Forced-Withdrawal |
| User | i4g5d (UID 92060) |
| Submission | 10/27/2025 15:56 (6 months ago) |
| Moderation | 11/13/2025 09:52 (17 days later) |
| Status | Accepted |
| VulDB entry | 332324 [Fabian Ros/SourceCodester Simple E-Banking System 1.0 cross-site request forgery] |
| Points | 20 |