A vulnerability, which was classified as problematic, was found in withstars Books-Management-System 1.0. Affected is an unknown function of the file /api/article/del of the component Article Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://github.com/caigo8/CVE-md/blob/main/Blog-System/CSRF.md | Exploit |
| https://github.com/caigo8/CVE-md/blob/main/Blog-System/CSRF.md | Exploit |
| https://vuldb.com/?ctiid.306300 | Permissions Required VDB Entry |
| https://vuldb.com/?id.306300 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.557239 | Third Party Advisory VDB Entry |
Configurations
History
12 May 2025, 19:09
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://vuldb.com/?submit.557239 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?ctiid.306300 - Permissions Required, VDB Entry | |
| References | () https://github.com/caigo8/CVE-md/blob/main/Blog-System/CSRF.md - Exploit | |
| References | () https://vuldb.com/?id.306300 - Third Party Advisory, VDB Entry | |
| CPE | cpe:2.3:a:withstars:books-management-system:1.0:*:*:*:*:*:*:* | |
| CWE | CWE-352 | |
| First Time |
Withstars books-management-system
Withstars |
28 Apr 2025, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-862 |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
27 Apr 2025, 09:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-04-27 09:15
Updated : 2025-05-12 19:09
NVD link : CVE-2025-3964
Mitre link : CVE-2025-3964
JSON object : View
Products Affected
withstars
- books-management-system
CWE
CWE-352
Cross-Site Request Forgery (CSRF)