PT-2021-11136 · Unknown · Projectsworlds College Management System
Published: 2021-05-24 · Updated: 2021-05-28 · CVE-2020-25408
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
ProjectWorlds College Management System Php version 1.0
Description:
A Cross-Site Request Forgery (CSRF) issue exists, allowing a remote attacker to modify, delete, or create new entries for student, faculty, teacher, subject, scores, location, and article data.
Recommendations:
For ProjectWorlds College Management System Php version 1.0, consider implementing proper CSRF token validation to prevent unauthorized requests.
As a temporary workaround, restrict access to sensitive data modification endpoints to minimize the risk of exploitation.
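One way to implement the recommended token validation, shown as an added example that is not code from the application or from this advisory. The file name csrf.php, the form field name csrf_token and all helper names are assumptions.

```php
<?php
// csrf.php (hypothetical file name): session-bound CSRF token helpers.
declare(strict_types=1);

function csrf_start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // SameSite=Lax keeps the session cookie off cross-site POSTs (defence in depth).
        session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
        session_start();
    }
}

function csrf_token(): string
{
    csrf_start_session();
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit random token
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to echo inside every form that creates, edits or deletes a record.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Pure check: state changes are accepted only via POST with the session's token.
function csrf_is_valid(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {
        return false; // a GET link or image tag must never change data
    }
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    return is_string($sent) && is_string($expected) && $expected !== ''
        && hash_equals($expected, $sent); // constant-time comparison
}

// Call first in each handler that modifies student, faculty, subject or score data.
function csrf_require(): void
{
    csrf_start_session();
    if (!csrf_is_valid($_SERVER['REQUEST_METHOD'] ?? '', $_POST, $_SESSION)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token.');
    }
}
```

Handlers that currently act on GET parameters would need to be switched to POST forms carrying the hidden field before csrf_require() is enabled.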
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Projectsworlds College Management System