mathavamoorthi

CVE-2025-70899 NOMISEC MEDIUM WORKING POC

PHPgurukul Online Course Registration v3.1 - Cross-Site Request Forgery in Administrative Forms

PHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Forgery (CSRF) protection on all administrative forms. An attacker can perform unauthorized actions on behalf of authenticated administrators by tricking them into visiting a malicious webpage.

CVSS 6.5

View Code

CVE-2025-70899 WRITEUP MEDIUM WRITEUP

PHPgurukul Online Course Registration v3.1 - Cross-Site Request Forgery in Administrative Forms

PHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Forgery (CSRF) protection on all administrative forms. An attacker can perform unauthorized actions on behalf of authenticated administrators by tricking them into visiting a malicious webpage.

CVSS 6.5

View Code