PT-2021-17139 · Unknown · Phpgurukul User Management System

Kavisha Sheth · Published 2021-12-16 · Updated 2021-12-21 · CVE-2021-26800

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

phpgurukul user management system version V1.0

Description

The issue concerns a Cross Site Request Forgery (CSRF) vulnerability in the Change-password.php file of the phpgurukul user management system. This vulnerability allows attackers to change the password of an arbitrary account.

Recommendations

For version V1.0, consider implementing proper CSRF token validation in the Change-password.php file to prevent unauthorized password changes. As a temporary workaround, restrict access to the Change-password.php file until a patch is available.
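
One way to implement the recommended token validation, as an added example that is not the project's own code. The field names `csrf_token` and `newpassword`, the cookie settings (which assume HTTPS), and the placement of the check ahead of the application's existing update logic are assumptions.

```php
<?php
declare(strict_types=1);

// SameSite keeps the session cookie off cross-site POSTs in supporting browsers;
// the token check below remains the primary control. 'secure' assumes HTTPS.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Strict', 'secure' => true]);
session_start();

function csrf_token(): string
{
    // One unpredictable token per session, kept server-side.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_token_is_valid($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    // Reject missing or non-string values; hash_equals compares in constant time.
    return $expected !== '' && is_string($submitted) && hash_equals($expected, $submitted);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!csrf_token_is_valid($_POST['csrf_token'] ?? null)) {
        // A forged cross-site request cannot read the session's token, so it stops here.
        http_response_code(403);
        exit('Invalid or missing CSRF token.');
    }
    // Rotate the token so it is not reused after a state-changing request.
    unset($_SESSION['csrf_token']);
    // The application's existing password update runs only past this point.
}
?>
<form method="post" action="Change-password.php">
  <!-- Hidden field carries the session-bound token back with the request. -->
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
  <input type="password" name="newpassword" required>
  <button type="submit">Change password</button>
</form>
```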

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2021-26800

Affected Products

Phpgurukul User Management System