CVE-2025-56710

CWE-352 — Cross-Site Request Forgery (CSRF)CWE-401 — Memory Leak4 documents4 sources

Severity

7.3HIGH

EPSS

0.0%

top 97.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul Student Result Management System

Timeline

PublishedSep 15

Description

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Profile Page of the PHPGurukul Student-Result-Management-System-Using-PHP-V2.0. This flaw allows an attacker to trick authenticated users into unintentionally modifying their account details. By crafting a malicious HTML page, an attacker can submit unauthorized requests to the vulnerable endpoint: /create-class.php.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:LExploitability: 2.5 | Impact: 4.7

Affected Packages1 packages

▶NVDphpgurukul/student_result_management_system2.0

🔴Vulnerability Details

CVEList

CVE-2025-56710: A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Profile Page of the PHPGurukul Student-Result-Management-System-Using-PHP-V2↗2025-09-15

▶

GHSA

GHSA-457m-59w6-w674: A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Profile Page of the PHPGurukul Student-Result-Management-System-Using-PHP-V2↗2025-09-15

▶

📋Vendor Advisories

Microsoft

ceph: fix memory leak in ceph_direct_read_write()↗2024-12-10

▶