{"id":"CVE-2025-63712","details":"Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Management System. The User Management module (delete-user.php) allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests issued from the browser of a logged-in user, because the endpoint authenticates the request solely by the session cookie and has no CSRF protection.","modified":"2026-03-13T03:40:53.129080Z","published":"2025-11-10T15:15:38.240Z","references":[{"type":"WEB","url":"https://www.sourcecodester.com/php/17883/web-based-product-alert-system.html"},{"type":"EVIDENCE","url":"https://github.com/floccocam-cpu/CVE-Research-2025/blob/main/CVE-2025-63712/README4.md"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-63712.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.0"}]}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}