CVE-2023-4869 MEDIUM

CVE-2023-4869: SourceCodester Contact Manager App update.php cross-site request forgery

Vendor Sourcecodester

Product Contact Manager App

Weakness CWE-352 · CSRF

Published September 10, 2023

Last update September 26, 2024

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file update.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-239354 is the identifier assigned to this vulnerability.

Key dates

02Disclosure timeline

September 10, 2023 CVE published

September 26, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-4869 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2025-9945 Optimize More! – CSS <= 1.0.3 - Cross-Site Request Forgery to Plugin Settings Reset CVE-2025-3979 dazhouda lecms Password Change index.php cross-site request forgery CVE-2025-48083 WordPress wpNamedUsers plugin <= 0.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability CVE-2025-13365 WP Hallo Welt <= 1.4. - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2022-36417 WordPress 3D Tag Cloud plugin <= 3.8 - Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability