The Online Examination System Project 1.0 version is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious link that, when clicked by an admin user, will delete a user account from the database without the admin's consent. The email of the user to be deleted is passed as a parameter in the URL, which can be manipulated by the attacker. This could result in a loss of data.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-07-07T00:00:00
Updated: 2024-08-02T16:45:56.237Z
Reserved: 2023-06-21T00:00:00
Link: CVE-2023-36256
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-07-07T18:15:09.693
Modified: 2023-07-13T18:39:58.747
Link: CVE-2023-36256
Redhat
No data.