CVE-2020-25411
# Exploit Title: Projectworlds Online Examination System 1.0 is vulnerable to CSRF, which allows a remote attacker to delete an existing user
# Exploit Author : Nikhil Kumar
# Vendor : Project Worlds
# Application Link : https://github.com/projectworldsofficial/online-examination-systen-in-php
# Version: 1.0
# CVE Link : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25411
# CVE: CVE-2020-25411
What is CSRF :
CSRF stands for Cross-Site Request Forgery. It is a web security vulnerability in which an attacker forces an end user to execute unwanted actions on a web application in which they’re currently authenticated.
Attack Vector :
An attacker can modify, delete, or create entries for students, teachers, faculties, subjects, scores, locations, and article data.
Vulnerable Components : update.php
Remediation :
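One way to close this class of bug in a PHP handler such as update.php is the synchronizer token pattern. The following is an added example, not code from the advisory or from the project; the helper names, the `csrf_token` field and the assumption that state-changing actions arrive as POST form submissions are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example. Helper names and the "csrf_token" field are assumptions,
// not code from the Online Examination System project.

/** Return the per-session CSRF token, creating it on first use. */
function csrf_token(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // SameSite=Lax keeps the session cookie off cross-site POSTs (PHP >= 7.3).
        session_start(['cookie_samesite' => 'Lax', 'cookie_httponly' => true]);
    }
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Hidden field to embed in every form that changes state. */
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

/** Stop the request unless it is a POST carrying the session's token. */
function csrf_require(): void
{
    $sent = $_POST['csrf_token'] ?? '';
    $isPost = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';
    if (!$isPost || !is_string($sent) || !hash_equals(csrf_token(), $sent)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
}

// First statement of a state-changing script such as update.php,
// before any insert, update or delete query runs:
csrf_require();
```

Each form that posts to the handler emits `csrf_field()` inside its `<form>` element so the token travels with the legitimate request.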
Author: Nikhil Kumar
https://www.linkedin.com/in/nikhil-kumar-4b9443166/