Security Advisory

CVE-2025-63712

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-10 00:00:00

Last updated 2025-11-18 16:39:22

Assigner mitre

State PUBLISHED

Description

Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Management System. The User Management module (delete-user.php) allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF protection.

← Browse all CVEs View on cve.org ↗