2 matches found
CVE-2025-63712
Cross-Site Request Forgery CSRF in SourceCodester Product Expiry Management System. The User Management module delete-user.php allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF...
The vulnerability of the femanager extension of the TYPO3 content management system allows a hacker to remove arbitrary users.
The vulnerability of the femanager extension of the TYPO3 content management system is related to the lack of access control in the InvitationController function. Exploiting this vulnerability could allow a malicious actor to delete arbitrary users remotely...