CVE-2025-63712
Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Management System. The User Management module (delete-user.php) allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF protection.
Vendor
Product
CWE
Yayın Tarihi
2025-11-10 15:15:38
Güncelleme
2025-11-18 17:16:12
Source Identifier
cve@mitre.org
KEV Date Added
-