Session Hijacking Vulnerability in PHPGurukul Online Library Management System
CVE-2025-50488

7.1 HIGH

Key Information:

Vendor: PHPGurukul
CVE Published: 28 July 2025

What is CVE-2025-50488?

The Online Library Management System by PHPGurukul has a significant vulnerability due to improper session invalidation in the component located at /library/change-password.php. This flaw enables attackers to hijack user sessions, potentially compromising sensitive data and user privacy. Users are encouraged to implement necessary patches or updates to safeguard their systems from unauthorized access.
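
One way to close this class of flaw, shown as an added example that is not PHPGurukul's code: it assumes the issue is that sessions opened before a password change remain valid afterwards. The `pwd_version` field, the function names and the in-memory `$users` record are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed user record (hypothetical names, not PHPGurukul's code) standing in for a database row.
$users = ['reader@example.test' => [
    'hash' => password_hash('old-pass', PASSWORD_DEFAULT), 'pwd_version' => 1,
]];

function rotate_session_id(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh ID, old session data deleted
    }
}

function login(array $users, string $email, string $password): bool
{
    $user = $users[$email] ?? null;
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    rotate_session_id();
    $_SESSION = ['email' => $email, 'pwd_version' => $user['pwd_version']];
    return true;
}

// Call on every authenticated request, before serving the page.
function session_is_current(array $users, array $session): bool
{
    $user = $users[$session['email'] ?? ''] ?? null;
    return $user !== null && ($session['pwd_version'] ?? null) === $user['pwd_version'];
}

function change_password(array &$users, string $current, string $new): bool
{
    $email = $_SESSION['email'] ?? '';
    if (!isset($users[$email]) || !password_verify($current, $users[$email]['hash'])) {
        return false;
    }
    $users[$email]['hash'] = password_hash($new, PASSWORD_DEFAULT);
    $users[$email]['pwd_version']++; // sessions holding the old version now fail the check
    rotate_session_id();
    $_SESSION['pwd_version'] = $users[$email]['pwd_version'];
    return true;
}

login($users, 'reader@example.test', 'old-pass');
$olderSession = $_SESSION; // constructed stand-in for a second session opened earlier
change_password($users, 'old-pass', 'new-pass');
var_dump(session_is_current($users, $_SESSION), session_is_current($users, $olderSession));
```

In the web application `session_start()` would run first and `$users` would be the database; `session_is_current()` belongs in the include that guards every authenticated page.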

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
