Description
A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victim's username when they visit a third-party site.
Exploits (1)
Scores
CVSS v3
7.1
EPSS
0.0022
EPSS Percentile
44.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Details
CWE
CWE-352
Status
published
Products (1)
stock_management_system_project/stock_management_system
1.0
Published
Sep 02, 2020
Tracked Since
Feb 18, 2026