Session Hijacking in PHPGurukul Student Result Management System
CVE-2025-50489

7.5HIGH

Key Information:

Vendor

PHPGurukul
Status
Student Result Management System
Vendor
CVE Published:
28 July 2025

What is CVE-2025-50489?

The PHPGurukul Student Result Management System v2.0 is vulnerable to session hijacking due to improper session invalidation in the /srms/change-password.php component. This flaw allows attackers to exploit session management issues, potentially gaining unauthorized access to user sessions. Ensuring robust session handling protocols is crucial to safeguard users from such vulnerabilities.

References

http://student.com
http://phpgurukul.com
https://github.com/VasilVK/CVE/tree/main/CVE-2025-50489

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.