SourceCodester Simple Cold Storage Management System Contact Us cross-site request forgery
Description
A vulnerability classified as problematic has been found in SourceCodester Simple Cold Storage Management System 1.0. Affected is an unknown function of the file /csms/?page=contact_us of the component Contact Us. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-211194 is the identifier assigned to this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SourceCodester Simple Cold Storage Management System 1.0 is vulnerable to cross-site request forgery in the Contact Us page, allowing remote attackers to perform actions on behalf of authenticated users.
Vulnerability
A cross-site request forgery (CSRF) vulnerability exists in SourceCodester Simple Cold Storage Management System version 1.0 in the Contact Us functionality, specifically in the file /csms/?page=contact_us. The manipulation of requests leads to CSRF, allowing an attacker to trigger unintended actions on behalf of an authenticated user. [1]
Exploitation
An attacker can craft a malicious web page or HTML email that, when visited by an authenticated user, sends a forged request to the vulnerable endpoint. The attack can be launched remotely without requiring any special network position or authentication for the attacker, but relies on the victim being logged into the application. [1]
Impact
Successful exploitation enables the attacker to perform actions within the context of the victim's session, such as modifying contact details or submitting forms, potentially leading to data manipulation or further unauthorized operations. The CIA impact is partial, primarily affecting integrity and availability of the contact functionality. [1]
Mitigation
As of the publication date (2022-10-18), no official patch or fixed version has been released by the vendor. Developers should implement CSRF tokens in all state-changing forms and ensure proper request validation. The affected system is end-of-life and users are advised to migrate to a supported solution. [1]
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
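The Mitigation advice above (CSRF tokens on state-changing forms) shown as an added example; it is not the vendor's code and not part of the CVE record. It issues a session-bound HMAC token with the form and checks it before the request is processed. The function names, the `csrf_token` field name, and the handler are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Assumption: a per-deployment secret kept server-side (generated here for the demo).
SERVER_KEY = secrets.token_bytes(32)
TOKEN_TTL = 3600  # seconds a token stays valid


def _mac(session_id: str, ts: str, nonce: str) -> str:
    msg = f"{session_id}|{ts}|{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str, now: Optional[float] = None) -> str:
    """Return a token bound to this session, to embed as a hidden form field."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(16)
    return f"{ts}.{nonce}.{_mac(session_id, ts, nonce)}"


def verify_csrf_token(session_id: str, token: Optional[str],
                      now: Optional[float] = None) -> bool:
    """Accept only an unexpired token that was issued for this exact session."""
    if not token:
        return False  # a forged cross-site request cannot read the token, so it has none
    parts = token.split(".")
    if len(parts) != 3 or not (parts[0].isascii() and parts[0].isdigit()):
        return False  # malformed token
    ts, nonce, sent_mac = parts
    expected = _mac(session_id, ts, nonce)
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    if not hmac.compare_digest(expected.encode(), sent_mac.encode()):
        return False
    age = (time.time() if now is None else now) - int(ts)
    return 0 <= age <= TOKEN_TTL


def handle_contact_post(session_id: str, form: dict) -> int:
    """Hypothetical handler for the contact form; returns an HTTP status code."""
    if not verify_csrf_token(session_id, form.get("csrf_token")):
        return 403  # reject before any state change happens
    # ... process the validated submission here ...
    return 200
```

Setting the session cookie with `SameSite=Lax` or `Strict` complements the token check but does not replace it.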
Affected products (2)
- Range: = 1.0
- SourceCodester/Simple Cold Storage Management System v5, Range: 1.0
Patches (0)
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (2)
News mentions (0)
No linked articles in our index yet.