CVE-2025-56254

Published: Sep 2, 2025Modified: Sep 4, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference (IDOR) vulnerability in leave-details.php. An authenticated user can change the leaveid parameter in the URL to access leave application details of other users.

Affected (1)

Products: Phpgurukul: Employee Leave Management System

1 product

Employee Leave Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phpgurukul Employee Leave Management System	Version 2.1

Related CWEs

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (1)

https://github.com/rishb0/CVEs-Assigned/blob/main/CVE-2025-56254.md

Source: cve@mitre.org

Third Party Advisory

Timeline

No history available yet.