CVE-2023-36256

Name of the Vulnerable Software and Affected Versions The Online Examination System Project version 1.0

Description The issue allows an attacker to perform Cross-Site Request Forgery (CSRF) attacks. An attacker can create a malicious link that, when clicked by an admin user, will delete a user account from the database without the admin's consent. The email of the user to be deleted is passed as a parameter in the URL, which can be manipulated by the attacker. This could result in a loss of data.

Recommendations For version 1.0, consider implementing proper CSRF protection mechanisms to prevent unauthorized actions. As a temporary workaround, restrict access to the user account deletion functionality to minimize the risk of exploitation. Avoid using the email parameter in the URL for deleting user accounts until the issue is resolved.