CVE-2023-36256

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jul 7, 2023

Updated: Jul 13, 2023

CWE ID 352

Summary

CVE-2023-36256 is a vulnerability affecting the Online Examination System Project 1.0. This issue allows for Cross-Site Request Forgery (CSRF) attacks, enabling an attacker to manipulate admin users into deleting user accounts from the database without their consent. The attacker can construct a malicious link containing the email of the user to be deleted as a parameter, which can be easily manipulated. This vulnerability poses a significant risk for unauthorized data deletion.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/r6SkoF
https://www.cve.org/CVERecord?id=CVE-2023-36256
https://nvd.nist.gov/vuln/detail/CVE-2023-36256

Back to Vulnerability Database

CVE-2023-36256

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations