CVE-2023-4868

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

8.8HIGH

EPSS

0.1%

top 71.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Contact Manager APP Contact Manager APP Project Contact Manager APP

Timeline

PublishedSep 10

Description

A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239353 was assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sourcecodester/contact_manager_app1.0

▶NVDcontact_manager_app_project/contact_manager_app1.0

🔴Vulnerability Details

GHSA

GHSA-37ff-whmf-mj2q: A vulnerability was found in SourceCodester Contact Manager App 1↗2023-09-10

▶

CVEList

SourceCodester Contact Manager App add.php cross-site request forgery↗2023-09-10

▶