exploitDog

CVE-2025-63716

Опубликовано: 07 нояб. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow unauthorized state-changing operations. The application lacks CSRF protection mechanisms such as anti-CSRF tokens or same-origin verification for critical endpoints.

Ссылки

https://github.com/floccocam-cpu/CVE-Research-2025/blob/main/CVE-2025-63716/README5.md
Exploit
Third Party Advisory
https://www.sourcecodester.com/php/17510/leads-manager-tool-using-php-and-mysql-source-code.html
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rems:leads_manager_tool:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 7%

0.00027

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-rhj9-2v59-8ccx

CVSS3: 6.5

github

3 месяца назад

The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow unauthorized state-changing operations. The application lacks CSRF protection mechanisms such as anti-CSRF tokens or same-origin verification for critical endpoints.

EPSS

Процентиль: 7%

0.00027

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-352