Rems Leads Manager Tool vulnerabilities

4 known vulnerabilities affecting rems/leads_manager_tool.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 4

Vulnerabilities

CVE-2025-63716 | MEDIUM | CVSS 6.5 | v1.0 | 2025-11-07
CWE-352: The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow unauthorized state-changing operations. The application lacks CSRF protection mechanisms such as anti-CSRF tokens or same-origin verification for critical endpoints.
nvd
CVE-2024-7942 | MEDIUM | CVSS 5.3 | v1.0 | 2024-08-20
CWE-79: A vulnerability has been found in SourceCodester Leads Manager Tool 1.0 and classified as problematic. This vulnerability affects unknown code of the file update-leads.php. The manipulation of the argument phone_number leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2024-7643 | MEDIUM | CVSS 5.3 | v1.0 | 2024-08-12
CWE-89: A vulnerability was found in SourceCodester Leads Manager Tool 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /endpoint/delete-leads.php of the component Delete Leads Handler. The manipulation of the argument leads leads to SQL injection. The attack may be launched remotely. The exploit has been disclos
nvd
CVE-2024-7644 | MEDIUM | CVSS 5.3 | v1.0 | 2024-08-12
CWE-79: A vulnerability was found in SourceCodester Leads Manager Tool 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-leads.php of the component Add Leads Handler. The manipulation of the argument leads_name/phone_number leads to cross-site scripting. It is possible to initiate the attack remotely. The exploi
nvd