Submit #817930: SourceCodester CET Automated Grading System with AI Predictive Analytics in PHP and MySQL 1.0 Cross Site Request Forgeryinfo

TitleSourceCodester CET Automated Grading System with AI Predictive Analytics in PHP and MySQL 1.0 Cross Site Request Forgery
DescriptionA cross-site request forgery vulnerability exists in SourceCodester CET Automated Grading System with AI Predictive Analytics in PHP and MySQL 1.0. The application does not use anti-CSRF tokens on sensitive state-changing endpoints such as /index.php?action=manage_subjects, /index.php?action=add_grade, and /index.php?action=manage_system. An attacker can craft a malicious HTML page that forces an authenticated administrator or faculty user to submit unauthorized POST requests. Successful exploitation may allow unauthorized subject creation, grade creation, or system data modification depending on the victim user's privileges. CWE: CWE-352 CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Source⚠️ https://drive.google.com/drive/folders/1Cl57WiwpucE9-wMpk51M2ZeA6tkOSRyu?usp=sharing
User
 vaibhavnarkhede (UID 94039)
Submission05/02/2026 13:10 (2 months ago)
Moderation05/26/2026 14:53 (24 days later)
StatusAccepted
VulDB entry365638 [SourceCodester CET Automated Grading System with AI Predictive Analytics cross-site request forgery]
Points20

Do you want to use VulDB in your project?

Use the official API to access entries easily!