CVE-2025-63712

Publication date

2025-11-10 00:00:00

Family

mitre

State

PUBLISHED

Description

Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Management System. The User Management module (delete-user.php) allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF protection.