Arbitrary Code Execution Vulnerability in Online Banquet Booking System by phpgurukul
CVE-2025-45947

9.8CRITICAL

Key Information:

Vendor: phpgurukul
Status: Online Banquet Booking System
Vendor: CVE Published:; 28 April 2025

What is CVE-2025-45947?

The Online Banquet Booking System by phpgurukul is susceptible to an arbitrary code execution vulnerability. This flaw exists in the My Account - Change Password component, specifically within the change-password.php file. An attacker can exploit this vulnerability to execute unauthorized commands or code, compromising the system's integrity and potentially exposing sensitive data. Immediate mitigation measures are advised to secure affected installations.

References

http://phpgurukul.com

https://github.com/VasilVK/CVE/blob/main/CVE-2025-45947/R...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 28, 2025
Vulnerability Reserved
Apr 22, 2025