CVE Catalog

CVE-2025-45947

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.61%

45th percentile - higher than 45% of all known CVEs

Summary

A vulnerability in the Online Banquet Booking System V1.2 allows a remote attacker to execute arbitrary code via the /obbs/change-password.php file in the change password component.

Risk Assessment

An attacker can take over the server, steal data, or install malware, compromising the confidentiality and integrity of the system.

Recommendation

Immediately update the system to the latest version or apply a security patch, and restrict access to the change-password.php file.

Original NVD description (English source)

An issue in phpgurukul Online Banquet Booking System V1.2 allows an attacker to execute arbitrary code via the /obbs/change-password.php file of the My Account - Change Password component

Vulnerability data from NVD (NIST) · CISA KEV · EPSS