anonhaven
Ad

CVE-2025-63712

HIGH CVSS 3.1: 8.8 EPSS 0.02%
Updated Nov 18, 2025
Senior-Walter
Parameter Value
CVSS 8.8 (HIGH)
Type CWE-352 (Cross-Site Request Forgery (CSRF))
Vendor Senior-Walter
Public PoC No

Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Management System. The User Management module (delete-user.php) allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF protection.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-352 Cross-Site Request Forgery (CSRF)

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Senior-Walter Web-Based_Pharmacy_Product_Management_System
cpe:2.3:a:senior-walter:web-based_pharmacy_product_management_system:1.0:*:*:*:*:*:*:*

References 2

https://github.com/floccocam-cpu/CVE-Research-2025/blob/main/CVE-2025-63712/REA…
cve@mitre.org
https://www.sourcecodester.com/php/17883/web-based-product-alert-system.html
cve@mitre.org
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-30573

Senior-Walter

7.5

CVE-2026-30576

Senior-Walter

7.5

CVE-2026-30575

Senior-Walter

7.5

CVE-2026-30574

Senior-Walter

7.5

CVE-2025-56018

Senior-Walter

6.1