← voltar
CVE-2025-2093

PHPGurukul Online Library Management System change-password.php password recovery

CVSS 2.3 LOWEPSS 0.3%CWE-640
Vexday Risk Score
8Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 2.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
07 mar 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A vulnerability was found in PHPGurukul Online Library Management System 3.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /change-password.php. The manipulation of the argument email/phone number leads to weak password recovery. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Produtos afetados
PHPGurukul · Online Library Management System

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/SECWG/cve/issues/4https://phpgurukul.com/https://vuldb.com/?ctiid.298951https://vuldb.com/?id.298951https://vuldb.com/?submit.515207