Leads Manager Tool
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-7643 | Med | 0.41 | 6.3 | 0.01 | Aug 12, 2024 | A vulnerability was found in SourceCodester Leads Manager Tool 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /endpoint/delete-leads.php of the component Delete Leads Handler. The manipulation of the argument leads leads to sql… | ||
| CVE-2024-7942 | Low | 0.23 | 3.5 | 0.00 | Aug 20, 2024 | A vulnerability has been found in SourceCodester Leads Manager Tool 1.0 and classified as problematic. This vulnerability affects unknown code of the file update-leads.php. The manipulation of the argument phone_number leads to cross site scripting. The attack can be initiated… | ||
| CVE-2024-7644 | Low | 0.23 | 3.5 | 0.01 | Aug 12, 2024 | A vulnerability was found in SourceCodester Leads Manager Tool 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-leads.php of the component Add Leads Handler. The manipulation of the argument leads_name/phone_number leads to cross… | ||
| CVE-2025-63716 | 0.00 | — | 0.00 | Nov 7, 2025 | The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow unauthorized state-changing operations. The application lacks CSRF protection mechanisms such as anti-CSRF tokens or same-origin verification for critical endpoints. |
- risk 0.41cvss 6.3epss 0.01
A vulnerability was found in SourceCodester Leads Manager Tool 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /endpoint/delete-leads.php of the component Delete Leads Handler. The manipulation of the argument leads leads to sql…
- risk 0.23cvss 3.5epss 0.00
A vulnerability has been found in SourceCodester Leads Manager Tool 1.0 and classified as problematic. This vulnerability affects unknown code of the file update-leads.php. The manipulation of the argument phone_number leads to cross site scripting. The attack can be initiated…
- risk 0.23cvss 3.5epss 0.01
A vulnerability was found in SourceCodester Leads Manager Tool 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-leads.php of the component Add Leads Handler. The manipulation of the argument leads_name/phone_number leads to cross…
- CVE-2025-63716Nov 7, 2025risk 0.00cvss —epss 0.00
The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow unauthorized state-changing operations. The application lacks CSRF protection mechanisms such as anti-CSRF tokens or same-origin verification for critical endpoints.