Share
## https://sploitus.com/exploit?id=017F9082-C91F-575A-9AFF-09D484917058
# **CVE-2025-63955 โ€“ Cross-Site Request Forgery (CSRF) leading to Account Deletion**

**Discoverer:** Arul N V  
**Severity:** _Medium_ (CVSS: _6.5 โ€“ AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N_)  
**Published:** _Reserved_  
**Vendor:** PHPGurukul  
**Software Link:** [https://phpgurukul.com/student-record-system-php/](https://phpgurukul.com/student-record-system-php/)  
**Affected Version:** Student Record System v3.2  
**Affected Component:** `manage-students.php`  

---
## **Description**

A Cross-Site Request Forgery (CSRF) vulnerability exists in the `manage-students.php` component of **PHPGurukul Student Record System v3.2**.  
An attacker can trick an authenticated administrator into visiting a malicious webpage that silently issues a forged **delete student** request.

Successful exploitation results in the **unauthorized deletion of student accounts**, leading to **Denial of Service (DoS)** and **privilege misuse**, as no CSRF protections or confirmation mechanisms are implemented.

---

## **Impact**

- **Unauthorized deletion** of any student record.
- **Loss of data** leading to **application-level denial of service**.
- **Privilege abuse:** attacker forces admin account to perform unintended actions.
- **Full compromise of integrity** of stored academic data.

---

## **Attack Vector**

To exploit the vulnerability, an authenticated administrator must be tricked into visiting a malicious webpage containing a crafted CSRF payload. No user interaction is needed beyond loading the attacker-controlled page.

---

## **Steps to Reproduce**


1. Navigate to the `login.php` endpoint and log into the application using valid admin credentials.
    ![Image 1](https://raw.githubusercontent.com/Wayne-arul/CVE-Disclosures/main/CVE-2025-63955/images/1.png)

2. Once in the dashboard, click on the **View Students** option.
    ![Image 2](https://raw.githubusercontent.com/Wayne-arul/CVE-Disclosures/main/CVE-2025-63955/images/2.png)

3. Turn on a proxy tool such as Burp Suite to intercept the traffic. Delete any student record and capture that request.
    ![Image 3](https://raw.githubusercontent.com/Wayne-arul/CVE-Disclosures/main/CVE-2025-63955/images/3.png)

4. In Burp Suite, navigate to **Proxy โ†’ Intercept**, where the delete request will appear.
    ![Image 4](https://raw.githubusercontent.com/Wayne-arul/CVE-Disclosures/main/CVE-2025-63955/images/4.png)

5. Right-click on the request and select **Engagement Tools โ†’ Generate CSRF PoC**.
    ![Image 5](https://raw.githubusercontent.com/Wayne-arul/CVE-Disclosures/main/CVE-2025-63955/images/5.png)
6. In the PoC generator, copy the generated HTML code.
    ![Image 6](https://raw.githubusercontent.com/Wayne-arul/CVE-Disclosures/main/CVE-2025-63955/images/6.png)

7. Create a file named `csrf-poc.html` and paste the copied code. Modify the `del` parameter value to `1` so it targets the student with ID 1. Save the file.
    ![Image 7](https://raw.githubusercontent.com/Wayne-arul/CVE-Disclosures/main/CVE-2025-63955/images/7.png)

8. Open the `csrf-poc.html` file in a browser.
    ![Image 8](https://raw.githubusercontent.com/Wayne-arul/CVE-Disclosures/main/CVE-2025-63955/images/8.png)

9. Click the **Submit request** button.
    ![Image 9](https://raw.githubusercontent.com/Wayne-arul/CVE-Disclosures/main/CVE-2025-63955/images/9.png)

10. A popup confirming "student deleted" will appear.
    ![Image 10](https://raw.githubusercontent.com/Wayne-arul/CVE-Disclosures/main/CVE-2025-63955/images/10.png)

11. Navigate to `/manage-students.php` and observe that the student with user ID 1 has been deleted, confirming the CSRF vulnerability.
    ![Image 11](https://raw.githubusercontent.com/Wayne-arul/CVE-Disclosures/main/CVE-2025-63955/images/11.png)

---

## **Proof of Concept**

```
CSRF poc:



    
    
        // Alternative method
        fetch('http://localhost/studentrecordms/manage-students.php?del=1', {
            method: 'GET',
            credentials: 'include'
        });
    


```

---