CVE-2020-23830

HIGH

SourceCodester Stock Management System <v1.0 - CSRF

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-23830. PoCs published by boku.

AI-analyzed exploit summary This is a functional CSRF exploit targeting Stock Management System 1.0, allowing an attacker to change a victim's username by tricking them into submitting a crafted form. The PoC demonstrates the vulnerability by submitting a POST request to 'changeUsername.php' with predefined parameters.

Description

A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victim's username when they visit a third-party site.

Exploits (1)

exploitdb WORKING POC
by boku · textwebappsphp
https://www.exploit-db.com/exploits/48783

This is a functional CSRF exploit targeting Stock Management System 1.0, allowing an attacker to change a victim's username by tricking them into submitting a crafted form. The PoC demonstrates the vulnerability by submitting a POST request to 'changeUsername.php' with predefined parameters.

Classification
Working Poc 95%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Stock Management System 1.0
No auth needed
Prerequisites: Victim must be authenticated and visit a malicious page hosting the form
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Product, Third Party Advisory x_refsource_misc
https://www.sourcecodester.com/php/14366/stock-management-system-php.html
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/48783

Scores

CVSS v3 7.1
EPSS 0.0053
EPSS Percentile 40.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Details

CWE
CWE-352
Status published
Products (1)
stock_management_system_project/stock_management_system 1.0
Published Sep 02, 2020
Tracked Since Feb 18, 2026