CVE-2025-50490

Published: Jul 28, 2025Modified: Jul 29, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.

Affected (1)

Products: Phpgurukul: Student Result Management System

Phpgurukul

1 product

Student Result Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phpgurukul Student Result Management System	Version 2.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (3)

http://employee.com

Source: cve@mitre.org

Broken LinkNot Applicable

http://phpgurukul.com

Source: cve@mitre.org

Product

https://github.com/VasilVK/CVE/tree/main/CVE-2025-50490

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.