Cross Site Request Forgery Vulnerability in Best Employee Management System by SourceCodester
CVE-2025-44185

5.4MEDIUM

Key Information:

Vendor: SourceCodester
Status: Best Employee Management System
Vendor: CVE Published:; 15 May 2025

🔔 Create SourceCodester Vulnerability Alert

What is CVE-2025-44185?

The Best Employee Management System by SourceCodester contains a Cross Site Request Forgery (CSRF) vulnerability that can be exploited through the password parameter in the admin/change_pass.php script. This security flaw allows an attacker to manipulate a logged-in user's session without their consent, potentially enabling unauthorized password changes. Organizations using this system should take immediate precautions to secure their applications and protect sensitive user data.

References

https://www.sourcecodester.com/php/17689/best-employee-ma...

https://www.sourcecodester.com/sites/default/files/downlo...

https://github.com/cumakurt/CVE-SourceCodester-Best-Emplo...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2025
Vulnerability Reserved
Apr 22, 2025