CVE-2025-44185

Name of the Vulnerable Software and Affected Versions: SourceCodester Best Employee Management System version V1.0

Description: The issue concerns a Cross Site Request Forgery (CSRF) in the /admin/change pass.php endpoint via the password parameter. This allows for potential unauthorized password changes.

Recommendations: For SourceCodester Best Employee Management System version V1.0, as a temporary workaround, consider disabling the password change functionality in the /admin/change pass.php endpoint until a patch is available. Restrict access to the /admin/change pass.php endpoint to minimize the risk of exploitation. Avoid using the password parameter in the affected endpoint until the issue is resolved.