CVE-2020-25411

Nikhil kumar
May 18, 2021


# Exploit Title: Projectworlds Online Examination System 1.0 is vulnerable to CSRF, which allows a remote attacker to delete an existing user

# Exploit Author: Nikhil Kumar

# Vendor: Project Worlds

# Application Link: https://github.com/projectworldsofficial/online-examination-systen-in-php

# Version: 1.0

# CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25411

# CVE: CVE-2020-25411

What is CSRF:

CSRF stands for Cross-Site Request Forgery. It is a web security vulnerability in which an attacker forces an end user to execute unwanted actions on a web application in which they are currently authenticated. Because the victim's browser attaches the session cookie to the forged request automatically, the application cannot tell it apart from a legitimate one unless every state-changing request also carries a value the attacker cannot obtain, such as an anti-CSRF token.

Attack Vector:

An attacker can modify, delete, or create student, teacher, faculty, subject, score, location, and article entries by forging requests on behalf of an authenticated user.

Vulnerable Components: update.php

Remediation:

Apply the controls described in the OWASP Cross-Site Request Forgery Prevention Cheat Sheet:

https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html
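A minimal synchronizer-token implementation for a PHP application of this kind, following the cheat sheet above. This is an added example, not code from the Projectworlds repository; the file name csrf.php, the field name csrf_token, and calling the guard from the top of update.php are assumptions.

```php
<?php
// csrf.php: synchronizer-token helper (added example; file name, field
// name and handler placement are assumptions). Include it at the top of
// every page that renders a state-changing form and of every handler
// that processes one, such as update.php.

if (session_status() !== PHP_SESSION_ACTIVE) {
    // Defense in depth: a Lax SameSite session cookie is not attached to
    // cross-site POST requests. The array form needs PHP 7.3 or later.
    session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
    session_start();
}

// Returns the per-session token, generating it from the CSPRNG on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit secret
    }
    return $_SESSION['csrf_token'];
}

// Emits the hidden field to place inside each <form method="post">.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Compares the submitted value with the session copy in constant time.
// Takes untyped input so an array or a missing parameter fails cleanly.
function csrf_verify($submitted): bool
{
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// Guard for a state-changing handler (e.g. the first lines of update.php).
// The vulnerable version acts on the request directly; this rejects any
// request that is not a POST carrying the session's token.
function csrf_require_post(): void
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST'
        || !csrf_verify($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
}
```

Each form page prints csrf_field() inside its form, and update.php calls csrf_require_post() before it touches the database.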

Author: Nikhil Kumar
https://www.linkedin.com/in/nikhil-kumar-4b9443166/
