Session Hijacking Vulnerability in PHPGurukul Online Course Registration
CVE-2025-50485

Currently unrated

Key Information:

Vendor: PHPGurukul
Status: Online Course Registration
Vendor: CVE Published:; 28 July 2025

What is CVE-2025-50485?

The PHPGurukul Online Course Registration v3.1 is vulnerable due to improper session invalidation in the /crm/change-password.php component. This flaw can allow attackers to hijack user sessions, potentially gaining unauthorized access to sensitive user information and actions. Proper security measures, including session management best practices, are critical to mitigate such risks.

References

http://online.com

http://phpgurukul.com

https://github.com/VasilVK/CVE/tree/main/CVE-2025-50485

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2025