Vasil VK

16 exploits Active since Apr 2025
CVE-2025-45947 GITHUB CRITICAL WRITEUP
Phpgurukul Online Banquet Booking System - Code Injection
An issue in phpgurukul Online Banquet Booking System V1.2 allows an attacker to execute arbitrary code via the /obbs/change-password.php file of the My Account - Change Password component
CVSS 9.8
CVE-2025-45953 GITHUB CRITICAL WRITEUP
PHPGurukul Hostel Mgt Sys 2.1 - Session Hijacking
A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely
CVSS 9.1
CVE-2025-45949 GITHUB CRITICAL WRITEUP
PHPGurukul User Registration & Login and User Management System V3.3 - Session Hijacking
A critical vulnerability was found in PHPGurukul User Registration & Login and User Management System V3.3 in the /loginsystem/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely and leading to account takeover.
CVSS 9.8
CVE-2025-45947 WRITEUP CRITICAL WRITEUP
Phpgurukul Online Banquet Booking System - Code Injection
An issue in phpgurukul Online Banquet Booking System V1.2 allows an attacker to execute arbitrary code via the /obbs/change-password.php file of the My Account - Change Password component
CVSS 9.8
CVE-2025-45949 WRITEUP CRITICAL WRITEUP
PHPGurukul User Registration & Login and User Management System V3.3 - Session Hijacking
A critical vulnerability was found in PHPGurukul User Registration & Login and User Management System V3.3 in the /loginsystem/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely and leading to account takeover.
CVSS 9.8
CVE-2025-45953 WRITEUP CRITICAL WRITEUP
PHPGurukul Hostel Mgt Sys 2.1 - Session Hijacking
A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely
CVSS 9.1
CVE-2025-50484 WRITEUP HIGH WRITEUP
PHPGurukul Small CRM v3.0 - Info Disclosure
Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM v3.0 allows attackers to execute a session hijacking attack.
CVSS 7.1
CVE-2025-50485 WRITEUP HIGH WRITEUP
PHPGurukul Online Course Registration <3.1 - Session Hijacking
Improper session invalidation in the component /crm/change-password.php of PHPGurukul Online Course Registration v3.1 allows attackers to execute a session hijacking attack.
CVSS 7.1
CVE-2025-50487 WRITEUP HIGH WRITEUP
PHPGurukul Blood Bank & Donor Mgmt Sys <2.4 - Session Hijacking
Improper session invalidation in the component /bbdms/change-password.php of PHPGurukul Blood Bank & Donor Management System v2.4 allows attackers to execute a session hijacking attack.
CVSS 7.1
CVE-2025-50488 WRITEUP HIGH WRITEUP
PHPGurukul Online Library Management System <3.0 - Session Hijacking
Improper session invalidation in the component /library/change-password.php of PHPGurukul Online Library Management System v3.0 allows attackers to execute a session hijacking attack.
CVSS 7.1
CVE-2025-50489 WRITEUP HIGH WRITEUP
PHPGurukul Student Result Management System v2.0 - Info Disclosure
Improper session invalidation in the component /srms/change-password.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.
CVSS 7.5
CVE-2025-50490 WRITEUP HIGH WRITEUP
PHPGurukul Student Result Mgt Sys <v2.0 - Session Hijacking
Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.
CVSS 7.5
CVE-2025-50491 WRITEUP HIGH WRITEUP
PHPGurukul Bank Locker Management System <v1 - Session Hijacking
Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank Locker Management System v1 allows attackers to execute a session hijacking attack.
CVSS 7.1
CVE-2025-50492 WRITEUP HIGH WRITEUP
PHPGurukul e-Diary Mgt <v1 - Session Hijacking
Improper session invalidation in the component /edms/change-password.php of PHPGurukul e-Diary Management System v1 allows attackers to execute a session hijacking attack.
CVSS 7.5
CVE-2025-50493 WRITEUP HIGH WRITEUP
PHPGurukul Doctor <v1 - Session Hijacking
Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack.
CVSS 7.5
CVE-2025-50494 WRITEUP HIGH WRITEUP
PHPGurukul Car Washing Mgmt <1.0 - Session Hijacking
Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing Management System v1.0 allows attackers to execute a session hijacking attack.
CVSS 7.5