SourceCodester Inventory Management System resetPassword.php password recovery_CVE-2025-13565

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the file /model/user/resetPassword.php. Executing manipulation can lead to weak password recovery. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.

Basic Information

ID CVE-2025-13565

Source VulDB

Published Nov 23, 2025 at 19:02

Affected Product

Vendor SourceCodester

Product Inventory Management System

Version 1.0

Affected Versions SourceCodester Inventory Management System 1.0

CWE Classification

CWE-640

References

{
    "lastseen": "",
    "description": "A weakness has been identified in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the file /model/user/resetPassword.php. Executing manipulation can lead to weak password recovery. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.",
    "published": "2025-11-23T19:02:06.406Z",
    "modified": "2025-11-23T19:02:06.406Z",
    "type": "cve",
    "title": "SourceCodester Inventory Management System resetPassword.php password recovery",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.333329\nhttps://vuldb.com/?ctiid.333329\nhttps://vuldb.com/?submit.697984\nhttps://www.notion.so/Unauthenticated-Password-Reset-Vulnerability-in-SourceCodester-Inventory-Management-System-2b023917db8c8001b5ecf4c50a54dfbd?source=copy_link\nhttps://www.sourcecodester.com/",
    "id": "CVE-2025-13565",
    "bulletinFamily": "",
    "cwe": [
        "CWE-640"
    ],
    "cvelist": null,
    "sourceData": "SourceCodester Inventory Management System 1.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Inventory Management System",
    "version": "1.0",
    "vendor": "SourceCodester",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}