CVE-2026-3770
Cross-Site Request Forgery in SourceCodester Lab Management System
Publication date: 2026-03-08
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oretnom23 | computer_laboratory_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3770 is a Cross-Site Request Forgery (CSRF) vulnerability found in SourceCodester Computer Laboratory Management System version 1.0. The vulnerability exists because the application does not implement any CSRF protection mechanisms on state-changing requests, specifically in the user update functionality handled by the save_users() function in classes/Users.php. This allows an attacker to craft a malicious webpage that, when visited by an authenticated administrator, can send unauthorized POST requests to modify administrator account details without their consent.
The application relies solely on session cookies for authentication but fails to verify the authenticity or origin of POST requests, making it vulnerable to CSRF attacks. Exploitation requires user interaction, such as the administrator visiting a malicious link, and can be carried out remotely.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized modifications of administrator accounts, potentially resulting in privilege escalation or administrative account takeover.
An attacker exploiting this flaw can fully compromise the application by changing administrator details without their knowledge or consent.
Because the attack can be performed remotely and requires only that the administrator interacts with a malicious webpage, it poses a significant security risk to the integrity and control of the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for unauthorized POST requests to the endpoint handling user updates, specifically `/classes/Users.php?f=save` or `/php-lms/classes/Users.php?f=save`.'}, {'type': 'paragraph', 'content': 'Detection involves checking for POST requests that modify administrator accounts without proper CSRF tokens or origin validation.'}, {'type': 'paragraph', 'content': 'You can use network monitoring tools or web server logs to identify suspicious POST requests to this endpoint.'}, {'type': 'list_item', 'content': 'Use command-line tools like `tcpdump` or `Wireshark` to capture HTTP POST traffic targeting `/classes/Users.php?f=save`.'}, {'type': 'list_item', 'content': "Use `grep` on web server logs to find POST requests to the vulnerable endpoint, for example: `grep 'POST /classes/Users.php?f=save' /var/log/apache2/access.log`."}, {'type': 'list_item', 'content': 'Check for missing or invalid CSRF tokens in POST requests if application logs or debugging tools are available.'}] [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing anti-CSRF protections on all state-changing requests.
- Add anti-CSRF tokens to forms and validate them server-side before processing POST requests.
- Validate the origin and referer headers of incoming requests to ensure they come from trusted sources.
- Enforce SameSite cookie attributes to prevent cookies from being sent with cross-site requests.
- Restrict administrative access and monitor for suspicious activity on the vulnerable endpoints.
If immediate code changes are not possible, consider restricting access to the vulnerable endpoint via network controls or temporarily disabling the affected functionality.