CVE-2024-57523

MEDIUM

SourceCodester Packers and Movers Management System 1.0 - Cross-Site Request Forgery in Users.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-57523. PoCs published by HackWidMaddy.

AI-analyzed exploit summary: This repository contains a writeup and PoC video for CVE-2024-57523, a CSRF vulnerability in SourceCodester Packers and Movers Management System 1.0, allowing unauthorized admin account creation via crafted requests.

Description

Cross Site Request Forgery (CSRF) in Users.php in SourceCodester Packers and Movers Management System 1.0 allows attackers to create unauthorized admin accounts via crafted requests sent to an authenticated admin user.

Exploits (1)

nomisec WRITEUP
by HackWidMaddy · poc
https://github.com/HackWidMaddy/CVE-2024-57523.


Classification: Writeup 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Packers and Movers Management System 1.0
Auth required
Prerequisites: Authenticated admin user interaction
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory
https://github.com/HackWidMaddy/CVE-2024-57523.

Scores

CVSS v3 4.5
EPSS 0.0046
EPSS Percentile 36.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE: CWE-352
Status: published
Products (1): oretnom23/packers_and_movers_management_system 1.0
Published: Feb 06, 2025
Tracked Since: Feb 18, 2026