N/A

Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Management System. The User Management module (delete-user.php) allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF protection.

N/A

N/A

SourceCodester Product Expiry Management System 安全漏洞

SourceCodester Product Expiry Management System是SourceCodester开源的一个产品过期时间管理系统。 SourceCodester Product Expiry Management System存在安全漏洞，该漏洞源于用户管理模块delete-user.php依赖会话cookie且缺少CSRF保护，可能导致跨站请求伪造攻击。

N/A

N/A