exploitDog

CVE-2025-70899

Опубликовано: 22 янв. 2026

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

PHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Forgery (CSRF) protection on all administrative forms. An attacker can perform unauthorized actions on behalf of authenticated administrators by tricking them into visiting a malicious webpage.

Ссылки

https://github.com/mathavamoorthi/CVE-2025-70899/blob/main/Missing_CSRF_protection_poc.md
Exploit
Mitigation
Third Party Advisory
https://phpgurukul.com/online-course-registration-free-download/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpgurukul:online_course_registration:3.1:*:*:*:*:*:*:*

EPSS

Процентиль: 3%

0.00016

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-p55f-69cf-qgpm

CVSS3: 6.5

github

16 дней назад

PHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Forgery (CSRF) protection on all administrative forms. An attacker can perform unauthorized actions on behalf of authenticated administrators by tricking them into visiting a malicious webpage.

EPSS

Процентиль: 3%

0.00016

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-352