CVE-2025-4282: SourceCodester/oretnom23 Stock Management System Users.php cross-site request forgery
Description
A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /classes/Users.php?f=save. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. In SourceCodester/oretnom23 Stock Management System 1.0 wurde eine problematische Schwachstelle gefunden. Es geht um eine nicht näher bekannte Funktion der Datei /classes/Users.php?f=save. Mittels Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
Classification
CVE ID: CVE-2025-4282
CVSS Base Severity: MEDIUM
CVSS Base Score: 4.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Affected Products
Vendor: SourceCodester, oretnom23
Product: Stock Management System
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.03% (probability of being exploited)
EPSS Percentile: 6.09% (scored less or equal to compared to others)
EPSS Date: 2025-06-03 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-4282https://vuldb.com/?id.307390
https://vuldb.com/?ctiid.307390
https://vuldb.com/?submit.563102
https://github.com/th3w0lf-1337/Vulnerabilities/blob/main/SMS-PHP/CSRF/info.md