PT-2025-47574 · Sourcecodester · Sourcecodester Alumni Management System
Mlgzackfly · Published 2025-11-20 · Updated 2025-11-21 · CVE-2025-13468
CVSS v3.1: 8.1 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SourceCodester Alumni Management System version 1.0
Description
A missing authorization weakness exists in the SourceCodester Alumni Management System. The issue is located within the delete forum, delete career, delete comment, delete gallery, and delete event functions of the admin/admin class.php file, specifically within the Delete Handler component. Manipulation of the ID argument can lead to unauthorized actions. The exploit is publicly available.
Recommendations
Apply a fix to address the missing authorization in the delete forum, delete career, delete comment, delete gallery, and delete event functions of the admin/admin class.php file.
Exploit
Fix
Incorrect Authorization
Missing Authorization
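One shape the recommended fix can take is a deny-by-default authorization gate that every delete handler calls before touching the database. This is an added example, not code from SourceCodester or from this advisory. The session keys, the role name, the policy table and the function name are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical policy table: role required to delete each resource type.
// Anything not listed is denied (deny by default).
const DELETE_POLICY = [
    'forum'   => 'admin',
    'career'  => 'admin',
    'comment' => 'admin',
    'gallery' => 'admin',
    'event'   => 'admin',
];

/**
 * Decide whether a delete request may proceed. Returns an HTTP-style status:
 * 401 not logged in, 403 wrong role or unknown resource, 400 bad ID, 200 allowed.
 * $session stands in for $_SESSION; its keys are assumptions.
 */
function authorizeDelete(array $session, string $resource, mixed $rawId): int
{
    if (empty($session['user_id'])) {
        return 401;
    }
    $required = DELETE_POLICY[$resource] ?? null;
    if ($required === null || ($session['role'] ?? '') !== $required) {
        return 403;
    }
    // Validate the ID only after the caller is authorized, so the check
    // order never lets an unauthorized request reach ID handling.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? 400 : 200;
}

// Constructed sessions and requests, for illustration only.
$alumnus = ['user_id' => 7, 'role' => 'alumnus'];
$admin   = ['user_id' => 1, 'role' => 'admin'];

foreach ([
    [[],       'event',   '3'],     // no session
    [$alumnus, 'event',   '3'],     // logged in, low privilege
    [$admin,   'event',   '3'],     // authorized
    [$admin,   'event',   '3abc'],  // authorized, malformed ID
    [$admin,   'account', '3'],     // resource not in the policy table
] as [$session, $resource, $id]) {
    printf("%-8s %-8s %-6s => %d\n", $session['role'] ?? 'anon', $resource, $id,
        authorizeDelete($session, $resource, $id));
}
```

Only a 200 result should reach the delete query, which should bind the validated integer ID as a parameter.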
Related Identifiers
Affected Products
Sourcecodester Alumni Management System