PHPGurukul Student-Result-Management-System-Using-PHP-V2.0
cpe:2.3:a:phpgurukul:student_result_management_system:*:*:*:*:*:*:*
- 2.0
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Profile Page of PHPGurukul's Student Result Management System Version 2.0. This vulnerability allows attackers to deceive authenticated users into unintentionally changing their account information. By creating a malicious HTML page, an attacker can send unauthorized requests to the vulnerable endpoint '/create-class.php'.
Exploitation of this vulnerability could lead to unauthorized modifications of user account details.
To reproduce this vulnerability, capture the request made when adding a student to a class using an intercepting proxy like Burp Suite. Then, use Burp Suite's 'CSRF PoC Generator' to create a Proof-of-Concept (PoC) and save it as an HTML file. Open this file in a browser where the user is authenticated, and the request to add a student will be automatically sent, without any user interaction.