Cross Site Request Forgery in SourceCodester Packers and Movers Management System
CVE-2024-57523

4.5MEDIUM

Key Information:

Vendor: SourceCodester
Status: Packers and Movers Management System
Vendor: CVE Published:; 6 February 2025

Summary

The vulnerability in SourceCodester Packers and Movers Management System 1.0 exploits a Cross Site Request Forgery (CSRF) flaw in Users.php, enabling attackers to create unauthorized admin accounts. By sending specially crafted requests to an authenticated admin user, an intruder can bypass authentication mechanisms, posing a significant threat to account security and application integrity. Admin users must be vigilant to safeguard against such unauthorized access.

References

http://sourcecodester.com

https://github.com/HackWidMaddy/CVE-2024-57523.

CVSS V3.1

Score:

4.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 6, 2025
Vulnerability Reserved
Jan 9, 2025