Sourcecodester · Sourcecodester Best Employee Management System · CVE-2025-44185
Name of the Vulnerable Software and Affected Versions:
SourceCodester Best Employee Management System version V1.0
Description:
The `/admin/change pass.php` endpoint is vulnerable to Cross-Site Request Forgery (CSRF) via the `password` parameter: the password change is accepted without any proof that the request originated from the application's own pages, so a forged request issued by an authenticated administrator's browser can change the password without the administrator's intent. This allows for potential unauthorized password changes.
Recommendations:
For SourceCodester Best Employee Management System version V1.0, as a temporary workaround, consider disabling the password-change functionality in the `/admin/change pass.php` endpoint until a patch is available. Restrict access to the `/admin/change pass.php` endpoint to minimize the risk of exploitation, and avoid submitting the `password` parameter to the affected endpoint until the issue is resolved.
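The recommendations above are temporary workarounds. The standard permanent fix for a CSRF weakness of this kind is to bind every state-changing request to an unpredictable per-session token that a cross-site page cannot read, and to verify it server-side before acting on the `password` parameter. The following is an added example written for this advisory, not code from SourceCodester or from the affected application: a hardened PHP password-change handler illustrating that fix. The endpoint purpose and the `password` parameter follow the advisory; the session key `admin_id`, the `admin` table, the `$pdo` connection and the `current_password` field are assumptions for illustration.

```php
<?php
// Added illustrative example, not the application's own code.
// Hardened admin password-change handler with anti-CSRF protections.

// SameSite=Lax on the session cookie stops browsers from attaching the
// session to cross-site POST requests in the first place (PHP >= 7.3).
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

/** @var PDO $pdo  Assumed: a connected PDO instance from the app's bootstrap. */

// Only authenticated administrators may reach this handler.
// `admin_id` is a hypothetical session key; the real layout is unknown.
if (empty($_SESSION['admin_id'])) {
    http_response_code(403);
    exit('Not authorized');
}

// Issue one unpredictable token per session. It is rendered as a hidden
// form field; a third-party page cannot read it, so it cannot forge a
// request that carries it.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

function csrf_token_valid(array $post, array $session): bool
{
    // hash_equals() compares in constant time.
    return isset($post['csrf_token'], $session['csrf_token'])
        && is_string($post['csrf_token'])
        && hash_equals($session['csrf_token'], $post['csrf_token']);
}

function same_origin(array $server): bool
{
    // Defence in depth: the Origin header (or Referer if Origin is absent)
    // must name this host. Browsers send Origin on cross-site POSTs.
    $host   = $server['HTTP_HOST'] ?? '';
    $origin = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    return $origin !== '' && parse_url($origin, PHP_URL_HOST) === $host;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Without the token and origin checks, the handler acts on whatever
    // `password` value the browser submits, which is the CSRF condition
    // the advisory describes.
    if (!csrf_token_valid($_POST, $_SESSION) || !same_origin($_SERVER)) {
        http_response_code(403);
        exit('Invalid request');
    }

    // Requiring the current password (hypothetical `current_password`
    // field) means a forged or hijacked request alone is not enough.
    $current = (string)($_POST['current_password'] ?? '');
    $new     = (string)($_POST['password'] ?? '');
    if (strlen($new) < 12) {
        exit('New password too short');
    }

    $stmt = $pdo->prepare('SELECT password_hash FROM admin WHERE id = ?');
    $stmt->execute([$_SESSION['admin_id']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($current, $row['password_hash'])) {
        http_response_code(403);
        exit('Current password incorrect');
    }

    $upd = $pdo->prepare('UPDATE admin SET password_hash = ? WHERE id = ?');
    $upd->execute([password_hash($new, PASSWORD_DEFAULT), $_SESSION['admin_id']]);

    // Rotate the session identifier after any credential change.
    session_regenerate_id(true);
    exit('Password changed');
}
?>
<form method="post" action="">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8') ?>">
  <input type="password" name="current_password" required>
  <input type="password" name="password" required minlength="12">
  <button type="submit">Change password</button>
</form>
```

The token check is the actual fix; the SameSite cookie attribute, the Origin/Referer comparison and the current-password requirement are independent layers, so the endpoint stays protected if any one of them is bypassed or misconfigured. When reviewing a patched release, confirm that the token is verified on the server for every request that reaches the update query, not only rendered into the form.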