CVE-2025-13468
MEDIUMSourceCodester Alumni Management System 1.0 - Missing Authorization in Delete Handler
Title source: llmDescription
A weakness has been identified in SourceCodester Alumni Management System 1.0. This issue affects the function delete_forum/delete_career/delete_comment/delete_gallery/delete_event of the file admin/admin_class.php of the component Delete Handler. Executing manipulation of the argument ID can lead to missing authorization. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.333041
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.333041
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.694826
Exploit, Third Party Advisory exploit
https://hackmd.io/@mlgzackfly/SourceCodester
Product product
https://www.sourcecodester.com/
Scores
CVSS v3
5.4
EPSS
0.0006
EPSS Percentile
18.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-862
CWE-863
Status
published
Products (1)
oretnom23/alumni_management_system
1.0
Published
Nov 20, 2025
Tracked Since
Feb 18, 2026