Unknown · Phpgurukul User Management System · CVE-2021-26800
**Name of the Vulnerable Software and Affected Versions**
phpgurukul user management system version V1.0
**Description**
The issue concerns a Cross-Site Request Forgery (CSRF) vulnerability in the Change-password.php file of the phpgurukul user management system. This vulnerability allows attackers to change the password of an arbitrary account.
**Recommendations**
For version V1.0, consider implementing proper CSRF token validation in the Change-password.php file to prevent unauthorized password changes. As a temporary workaround, restrict access to the Change-password.php file until a patch is available.
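
One way to implement the recommended token validation, shown as an added example that is not the project's own code. The field names `csrf_token` and `newpassword`, the helper functions, and the page layout are assumptions, since the original form is not reproduced in this advisory.

```php
<?php
declare(strict_types=1);

// Added example; helper and field names are hypothetical, not from the project.
// SameSite is an extra layer, the token check below is the actual control.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();

/** Return the per-session token, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit CSPRNG value
    }
    return $_SESSION['csrf_token'];
}

/** Constant-time comparison of the submitted token with the session copy. */
function csrf_valid($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return is_string($submitted)
        && $expected !== ''
        && hash_equals($expected, $submitted);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Reject before any state change: a cross-site form cannot read the token.
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token.');
    }
    unset($_SESSION['csrf_token']); // single use; the next form render issues a new one
    // The application's own password-update code would run only after this point.
    echo 'Password change accepted.';
    exit;
}
?>
<form method="post">
    <input type="hidden" name="csrf_token"
           value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
    <input type="password" name="newpassword" required>
    <button type="submit">Change password</button>
</form>
```

The check must sit ahead of every code path that writes the new password, and the state change should be accepted over POST only, so that a token-less GET request cannot reach it.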