CNNVD-202511-938 Information

CNNVD ID

CNNVD-202511-938

CVE-2025-63712

  • CNNVD Published: 2025-11-10

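Description (translated from Chinese)

SourceCodester Product Expiry Management System is an open-source product expiry date management system from SourceCodester. SourceCodester Product Expiry Management System contains a security vulnerability that stems from the user management module delete-user.php relying on session cookies and lacking CSRF protection, which may lead to cross-site request forgery attacks.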

Description (English)

SourceCodester Product Expiry Management System is an open-source product expiry date management system from SourceCodester. The vulnerability in SourceCodester Product Expiry Management System stems from the user-management module delete-user.php's reliance on session cookies and its lack of CSRF protection, which may lead to cross-site request forgery (CSRF) attacks.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

SourceCodester

Published

2025-11-10

Last Modified

2026-02-24

References

https://github.com/floccocam-cpu/CVE-Research-2025/blob/main/CVE-2025-63712/README4.md

https://www.sourcecodester.com/php/17883/web-based-product-alert-system.html

https://access.redhat.com/security/cve/cve-2025-63712
