CVE-2020-25408

Nikhil Kumar
May 18, 2021

# Exploit Author : Nikhil Kumar
# Application Link : https://github.com/olotieno/College-Management-System-Php/
# Version: 1.0
# CVE Link : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25408
# CVE: CVE-2020-25408

What is CSRF:

CSRF stands for Cross-Site Request Forgery. It is a web security vulnerability in which an attacker forces an end user to execute unwanted actions on a web application in which they're currently authenticated.

Attack Vector:

An attacker can modify, delete, or create entries for students, teachers, faculties, subjects, scores, locations, and articles.

Vulnerable URLs:

http://x.x.x.x/college/everyone.php?tag=student_entry
http://x.x.x.x/college/everyone.php?tag=score_entry&opr=upd&rs_id=1
http://x.x.x.x/college/everyone.php?tag=view_students&opr=del&rs_id=5
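
One way to close this class of issue in `everyone.php`, shown as an added example and not code from the College-Management-System-Php project: a per-session token checked on every data-changing request, with `upd`/`del` refused over GET. The function names are hypothetical, and the code assumes session-based login and that `opr=upd` and `opr=del` change data.

```php
<?php
// Added example, not code from College-Management-System-Php.
// Assumptions: PHP session authentication; 'upd' and 'del' change data.
declare(strict_types=1);

const STATE_CHANGING_OPR = ['upd', 'del'];

// Return the per-session CSRF token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to embed in every form that submits to everyone.php.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Decide whether a request may proceed. $opr mirrors the `opr` query parameter.
function is_request_allowed(string $method, ?string $opr, array $post, array $session): bool
{
    $changesData = $method === 'POST' || in_array($opr, STATE_CHANGING_OPR, true);
    if (!$changesData) {
        return true;  // read-only view, nothing to forge
    }
    if ($method !== 'POST') {
        return false; // upd/del must not be reachable through a plain link
    }
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    return is_string($sent) && is_string($expected) && $expected !== ''
        && hash_equals($expected, $sent); // constant-time comparison
}

// Guard to call once at the top of everyone.php, before any tag/opr dispatch
// and before any other session_start().
function enforce_csrf(): void
{
    session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
    session_start();
    $opr = is_string($_GET['opr'] ?? null) ? $_GET['opr'] : null;
    if (!is_request_allowed($_SERVER['REQUEST_METHOD'] ?? 'GET', $opr, $_POST, $_SESSION)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token.');
    }
}
```

If the application renders its edit form on a GET with `opr=upd`, drop `'upd'` from `STATE_CHANGING_OPR` so that only the POST submission is checked.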

Author: Nikhil Kumar
https://www.linkedin.com/in/nikhil-kumar-4b9443166/
