CVE-2021-26800

EUVD-2021-13587
Cross Site Request Forgery (CSRF) vulnerability in Change-password.php in phpgurukul user management system in php using stored procedure V1.0, allows attackers to change the password to an arbitrary account.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
Affected Products (NVD)
VendorProductVersion
user_management_system_in_php_stored_procedure_projectuser_management_system_in_php_stored_procedure
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/Kavisha3/59dac95b268f0d32eab53e659ab59311
https://phpgurukul.com/user-management-system-in-php-using-stored-procedure/
https://gist.github.com/Kavisha3/59dac95b268f0d32eab53e659ab59311
https://phpgurukul.com/user-management-system-in-php-using-stored-procedure/