anonhaven
Ad

CVE-2026-4968

MEDIUM CVSS 4.0: 5.3 EPSS 0.02%
Updated Mar 30, 2026
PHP
Parameter Value
CVSS 5.3 (MEDIUM)
Type CWE-352 (Cross-Site Request Forgery (CSRF)), CWE-862 (Missing Authorization)
Vendor PHP
Public PoC No

A vulnerability was determined in SourceCodester Diary App 1.0. The affected element is an unknown function of the file diary.php. Executing a manipulation can lead to cross-site request forgery.

The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
Passive
Minimal interaction

Impact Assessment

Confidentiality
None
No data leak
Integrity
Low
Partial data modification
Availability
None
No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-352 Cross-Site Request Forgery (CSRF)
CWE-862 Missing Authorization

References 5

https://gist.github.com/Mohdanass/50a525ba0a72e10fda85f0db11eeed92
cna@vuldb.com
https://vuldb.com/?ctiid.353855
cna@vuldb.com
https://vuldb.com/?id.353855
cna@vuldb.com
https://vuldb.com/?submit.777729
cna@vuldb.com
https://www.sourcecodester.com/
cna@vuldb.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-6167

Code-Projects

6.9

CVE-2026-6166

Code-Projects

6.9

CVE-2026-6165

PHP

6.9

CVE-2026-6164

PHP

6.9

CVE-2026-6163

PHP

6.9