PT-2025-21289 · Sourcecodester · Sourcecodester Best Employee Management System
Cuma Kurt
·
Published
2025-05-15
·
Updated
2025-05-15
·
CVE-2025-44185
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
SourceCodester Best Employee Management System version V1.0
Description:
The issue concerns a Cross Site Request Forgery (CSRF) in the
/admin/change pass.php endpoint via the password parameter. This allows for potential unauthorized password changes.Recommendations:
For SourceCodester Best Employee Management System version V1.0, as a temporary workaround, consider disabling the password change functionality in the
/admin/change pass.php endpoint until a patch is available. Restrict access to the /admin/change pass.php endpoint to minimize the risk of exploitation. Avoid using the password parameter in the affected endpoint until the issue is resolved.Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sourcecodester Best Employee Management System