CVE-2025-4282

MEDIUM

SourceCodester/oretnom23 Stock Management System 1.0 - CSRF

Title source: llm

Description

A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /classes/Users.php?f=save. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

References (4)

[Exploit, Third Party Advisory] https://github.com/th3w0lf-1337/Vulnerabilities/blob/main/SMS-PHP/CSRF/info.md

View Exploit ZIP pw:eip

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.307390

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.307390

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.563102

Scores

CVSS v3 4.3

EPSS 0.0015

EPSS Percentile 35.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Classification

CWE

CWE-862 CWE-352

Status published

Affected Products (1)

oretnom23/stock_management_system

Timeline

Published May 05, 2025

Tracked Since Feb 18, 2026