LOW🇬🇧 English

CVE-2025-2093

CVSS 2.3v4.0pub. 2025-03-07upd. 2025-04-03

A vulnerability was found in PHPGurukul Online Library Management System 3.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /change-password.php. The manipulation of the argument email/phone number leads to weak password recovery. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Phpgurukul Online Library Management System

    APP
    Phpgurukul
    3.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-57119CRITICAL9.8PL ✓ten sam produkt

Eskalacja uprawnień w Phpgurukul Online Library Management System v.3.0

CVE-2025-57118CRITICAL9.8PL ✓ten sam produkt

Eskalacja uprawnień w PHPGurukul Online Library Management System v3.0

CVE-2025-50488HIGH7.1ten sam produkt

Improper session invalidation in the component /library/change-password.php of PHPGurukul Online Library Manag...

CVE-2025-7600LOW2.1ten sam produkt

A vulnerability, which was classified as critical, was found in PHPGurukul Online Library Management System 3....

CVE-2025-7601LOW2.0ten sam produkt

A vulnerability has been found in PHPGurukul Online Library Management System 3.0 and classified as problemati...