CVE-2023-47014

MEDIUM

Sourcecodester Sticky Notes App Using PHP with Source Code 1.0 - Cross-Site Request Forgery via add-note.php

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-47014. PoCs published by emirhanerdogu.

AI-analyzed exploit summary The repository provides a technical analysis of CVE-2023-47014, detailing a CSRF vulnerability in the Sticky Notes App Using PHP v1.0 that can be exploited to trigger a CORS misconfiguration, leading to sensitive information disclosure. The writeup includes request/response examples and PoC images but lacks functional exploit code.

Description

A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester Sticky Notes App Using PHP with Source Code v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to add-note.php.

Exploits (1)

nomisec WRITEUP 1 stars
by emirhanerdogu · poc
https://github.com/emirhanerdogu/CVE-2023-47014-Sticky-Notes-App-Using-PHP-with-Source-Code-v1.0-CSRF-to-CORS

The repository provides a technical analysis of CVE-2023-47014, detailing a CSRF vulnerability in the Sticky Notes App Using PHP v1.0 that can be exploited to trigger a CORS misconfiguration, leading to sensitive information disclosure. The writeup includes request/response examples and PoC images but lacks functional exploit code.

Classification
Writeup 80%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Sticky Notes App Using PHP with Source Code v1.0
No auth needed
Prerequisites: Access to the vulnerable application · Ability to craft malicious requests
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 6.5
EPSS 0.0034
EPSS Percentile 25.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE
CWE-352
Status published
Products (1)
remyandrade/sticky_notes_app 1.0
Published Nov 22, 2023
Tracked Since Feb 18, 2026