CVE Catalog

CVE-2025-45953

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.36%

28th percentile - higher than 28% of all known CVEs

Summary

A vulnerability in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user panel (Change Password component) allows session hijacking. Improper session data handling enables remote session takeover.

Risk Assessment

An attacker can hijack an admin or user session, gaining unauthorized access to the hostel management system, potentially leading to data theft or configuration changes.

Recommendation

Immediately update the system to the latest version or apply a security patch. Additionally, implement session protection mechanisms such as session ID regeneration after login and use of HttpOnly and Secure flags for cookies.

Original NVD description (English source)

A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely

Vulnerability data from NVD (NIST) · CISA KEV · EPSS