CRITICAL🇵🇱 Wersja polska

CVE-2025-57118

CVSS 9.8v3.1pub. 2025-09-15upd. 2025-09-18

An issue in PHPGurukul Online-Library-Management-System v3.0 allows an attacker to escalate privileges via the index.php

🤖 AI Analysis
How it works

The attacker exploits improper privilege management (CWE-269) in the application's index.php file. Lack of proper access level verification enables execution of operations reserved for privileged users without prior authentication. The attack vector is network-based, requires no privileges or user interaction, which significantly lowers the barrier to entry for the attacker.

Impact

An attacker can gain unauthorized access to the system's administrative functions, leading to complete compromise of the confidentiality, integrity, and availability of the application and stored data.

Mitigation & patch

Security patches available from the vendor should be applied according to references. Until the fix is deployed, it is recommended to restrict application access only to trusted networks or implement an additional authentication layer at the web server level (e.g., through a firewall or reverse proxy).

Who is affected

PHPGurukul Online Library Management System v3.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Phpgurukul Online Library Management System

    APP
    Phpgurukul
    3.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2025-57119CRITICAL9.8PL ✓ten sam produkt

Eskalacja uprawnień w Phpgurukul Online Library Management System v.3.0

CVE-2025-50488HIGH7.1ten sam produkt

Improper session invalidation in the component /library/change-password.php of PHPGurukul Online Library Manag...

CVE-2025-7600LOW2.1ten sam produkt

A vulnerability, which was classified as critical, was found in PHPGurukul Online Library Management System 3....

CVE-2025-7601LOW2.0ten sam produkt

A vulnerability has been found in PHPGurukul Online Library Management System 3.0 and classified as problemati...

CVE-2025-2093LOW2.3ten sam produkt

A vulnerability was found in PHPGurukul Online Library Management System 3.0. It has been declared as problema...