VDB-329872 · CVE-2025-12202 · CNNVD-202510-3758

ajayrandhawa User-Management-PHP-MYSQL web har fedcf58797bf2791591606f7b61fdad99ad8bff1 Kari ndiyam site laa request forgery

Gaskiya vulnerability da aka ware a matsayin karshewa an samu a ajayrandhawa User-Management-PHP-MYSQL web har fedcf58797bf2791591606f7b61fdad99ad8bff1. Hakika, aikin $software_function ne ya shafa; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburaren $software_library, a cikin fayil $software_file, a cikin sashen $software_component. A sa manipulation ka Kari ndiyam site laa request forgery. Idan an yi amfani da CWE don bayyana matsala, zai kai CWE-352. Hakika, rauni an bayyana shi 10/25/2025. An raba bayanin tsaro don saukewa a github.com. Wannan matsala ana saninta da CVE-2025-12202. Ngam yiɗi ka a tuma ndiyam ka internet. Tekinikal faɗi ba ga. Har ila yau, exploit ɗin yana nan. An bayyana exploit ɗin ga mutane kuma yana iya amfani. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á sàmbu huɗɗi-na-gaskiya. Exploit ɗin za a iya saukewa daga github.com. 0-day shima, an ndiyam a wuro be $0-$5k. Wannan samfur yana amfani da rolling release don ci gaba da isar da sabuntawa. Don haka, babu bayanan sigar da abin ya shafa ko sabunta sigar da ake da su. Once again VulDB remains the best source for vulnerability data.

3 Goyarwa · 92 Datenpunkte

Furɗe	Súgá 10/25/2025 08:30	Gargadi 1/2 10/27/2025 04:57	Gargadi 2/2 10/28/2025 22:33
software_vendor	ajayrandhawa	ajayrandhawa	ajayrandhawa
software_name	User-Management-PHP-MYSQL web	User-Management-PHP-MYSQL web	User-Management-PHP-MYSQL web
software_version	<=fedcf58797bf2791591606f7b61fdad99ad8bff1	<=fedcf58797bf2791591606f7b61fdad99ad8bff1	<=fedcf58797bf2791591606f7b61fdad99ad8bff1
software_rollingrelease	1	1	1
vulnerability_cwe	CWE-352 (Kari ndiyam site laa request forgery)	CWE-352 (Kari ndiyam site laa request forgery)	CWE-352 (Kari ndiyam site laa request forgery)
vulnerability_risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://github.com/Lianhaorui/Report/blob/main/CSRF-10.11.7z	https://github.com/Lianhaorui/Report/blob/main/CSRF-10.11.7z	https://github.com/Lianhaorui/Report/blob/main/CSRF-10.11.7z
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/Lianhaorui/Report/blob/main/CSRF-10.11.7z	https://github.com/Lianhaorui/Report/blob/main/CSRF-10.11.7z	https://github.com/Lianhaorui/Report/blob/main/CSRF-10.11.7z
source_cve	CVE-2025-12202	CVE-2025-12202	CVE-2025-12202
cna_responsible	VulDB	VulDB	VulDB
response_summary	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.
software_type	Database Software	Database Software	Database Software
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_pr	N	N	N
cvss4_vuldb_ui	P	P	P
cvss4_vuldb_vc	N	N	N
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	N	N	N
cvss4_vuldb_e	P	P	P
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	5.0	5.0	5.0
cvss2_vuldb_tempscore	4.3	4.3	4.3
cvss3_vuldb_basescore	4.3	4.3	4.3
cvss3_vuldb_tempscore	3.9	3.9	3.9
cvss3_meta_basescore	4.3	4.3	4.3
cvss3_meta_tempscore	3.9	4.1	4.1
cvss4_vuldb_bscore	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1
advisory_date	1761343200 (10/25/2025)	1761343200 (10/25/2025)	1761343200 (10/25/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A security flaw has been discovered in ajayrandhawa User-Management-PHP-MYSQL web up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This vulnerability affects unknown code. Performing manipulation results in cross-site request forgery. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.	A security flaw has been discovered in ajayrandhawa User-Management-PHP-MYSQL web up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This vulnerability affects unknown code. Performing manipulation results in cross-site request forgery. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
cvss4_cna_av		N	N
cvss4_cna_ac		L	L
cvss4_cna_at		N	N
cvss4_cna_pr		N	N
cvss4_cna_ui		P	P
cvss4_cna_vc		N	N
cvss4_cna_vi		L	L
cvss4_cna_va		N	N
cvss4_cna_sc		N	N
cvss4_cna_si		N	N
cvss4_cna_sa		N	N
cvss4_cna_bscore		5.3	5.3
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		N	N
cvss3_cna_ui		R	R
cvss3_cna_s		U	U
cvss3_cna_c		N	N
cvss3_cna_i		L	L
cvss3_cna_a		N	N
cvss3_cna_basescore		4.3	4.3
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		N	N
cvss2_cna_ci		N	N
cvss2_cna_ii		P	P
cvss2_cna_ai		N	N
cvss2_cna_basescore		5	5
cnnvd_id			CNNVD-202510-3758
cnnvd_name			User-Management-PHP-MYSQL 安全漏洞
cnnvd_hazardlevel			3
cnnvd_create			2025-10-28
cnnvd_publish			2025-10-27
cnnvd_update			2025-10-28

◂ Gurɗo Gumti Gada ▸

Do you know our Splunk app?

Download it now for free!