PT-2025-5854 · Sourcecodester · Sourcecodester Packers/Movers Management System
Madhav Shah · Published 2025-02-06 · Updated 2025-02-06 · CVE-2024-57523
CVSS v3.1: 4.5 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
SourceCodester Packers and Movers Management System version 1.0
Description
The issue allows attackers to create unauthorized admin accounts via crafted requests sent to an authenticated admin user. This is due to a Cross-Site Request Forgery (CSRF) vulnerability in the Users.php file.
Recommendations
For SourceCodester Packers and Movers Management System version 1.0, consider implementing proper CSRF protection mechanisms, such as tokens, to prevent unauthorized requests. As a temporary workaround, restrict access to the Users.php file and the functionality to create new admin accounts to minimize the risk of exploitation.
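One way to implement the token recommendation above, shown as an added example that is not SourceCodester code: a synchronizer token bound to the admin session and checked before the account-creation action runs. The function names, the `csrf_token` field, and the `username`/`type` request fields are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Defense in depth: keep the session cookie out of cross-site requests.
// Call this before session_start() in the real application.
function harden_session_cookie(): void
{
    session_set_cookie_params(['samesite' => 'Strict', 'httponly' => true, 'secure' => true]);
}

// Issue (or reuse) a per-session token. Each state-changing form embeds it, e.g.
// <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token()) ?>">
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison of the submitted token with the session copy.
// A missing session token or a non-string submission always fails.
function csrf_valid($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && is_string($submitted) && hash_equals($expected, $submitted);
}

// Hypothetical stand-in for the account-creation action in Users.php:
// the token check runs before any input is processed or stored.
function save_user(array $post): array
{
    if (!csrf_valid($post['csrf_token'] ?? null)) {
        http_response_code(403);
        return ['status' => 'failed', 'msg' => 'Invalid or missing CSRF token'];
    }
    // The application's existing validation and database insert follow here.
    return ['status' => 'success', 'msg' => 'Token accepted for ' . $post['username']];
}

// Constructed demo (CLI only): a cross-site form post cannot know the token,
// while the application's own form includes it.
if (PHP_SAPI === 'cli') {
    $_SESSION = [];
    $token = csrf_token();
    $forged = ['username' => 'demo-admin', 'type' => '1'];
    print_r(save_user($forged));
    print_r(save_user($forged + ['csrf_token' => $token]));
}
```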
Exploit
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Sourcecodester Packers/Movers Management System