CVE-2025-45953
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk28th percentile - higher than 28% of all known CVEs
Summary
A vulnerability in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user panel (Change Password component) allows session hijacking. Improper session data handling enables remote session takeover.
Risk Assessment
An attacker can hijack an admin or user session, gaining unauthorized access to the hostel management system, potentially leading to data theft or configuration changes.
Recommendation
Immediately update the system to the latest version or apply a security patch. Additionally, implement session protection mechanisms such as session ID regeneration after login and use of HttpOnly and Secure flags for cookies.
Original NVD description (English source)
A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely

