PT-2025-16182 · Unknown · Tutorials-Website Employee Management System
Maloyroyorko
·
Published
2025-04-13
·
Updated
2025-04-13
·
CVE-2025-3536
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
Tutorials-Website Employee Management System version 1.0
Description:
A critical issue was found in the Tutorials-Website Employee Management System, affecting some unknown functionality of the file /admin/delete-user.php. The manipulation of the
ID argument leads to improper authorization, and the attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted about this disclosure but did not respond.Recommendations:
As a temporary workaround, consider restricting access to the /admin/delete-user.php file until a patch is available.
Avoid using the
ID argument in the affected API endpoint until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Improper Authorization
Incorrect Privilege Assignment
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tutorials-Website Employee Management System