exploitDog

CVE-2025-63717

Опубликовано: 07 нояб. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The change password functionality at /pet_grooming/admin/change_pass.php in SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. The application does not implement adequate anti-CSRF tokens or same-site cookie restrictions, allowing attackers to trick authenticated users into unknowingly changing their passwords.

Ссылки

https://github.com/floccocam-cpu/CVE-Research-2025/blob/main/CVE-2025-63717/README6.md
Exploit
Third Party Advisory
https://www.sourcecodester.com/php/18340/pet-grooming-management-software-download.html
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mayurik:pet_grooming_management_software:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 7%

0.00026

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-w3m4-2rp8-wq32

CVSS3: 6.5

github

3 месяца назад

The change password functionality at /pet_grooming/admin/change_pass.php in SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. The application does not implement adequate anti-CSRF tokens or same-site cookie restrictions, allowing attackers to trick authenticated users into unknowingly changing their passwords.

EPSS

Процентиль: 7%

0.00026

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-352