CVE-2025-65647

Published: Nov 25, 2025Modified: Dec 1, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter.

Affected (1)

Products: Phpgurukul: Online Shopping Portal

Phpgurukul

1 product

Online Shopping Portal

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phpgurukul Online Shopping Portal	Version 2.1

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://github.com/SachuuZ/CVE/tree/main/CVE-2025-65647

Source: cve@mitre.org

ExploitMitigationThird Party Advisory

https://phpgurukul.com/

Source: cve@mitre.org

Product

Timeline

No history available yet.