CVE-2025-45947

CRITICAL

phpgurukul Online Banquet Booking System V1.2 - Remote Code Execution via Change Password Component

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-45947. PoCs published by VasilVK.

AI-analyzed exploit summary: The repository contains detailed technical writeups for multiple CVEs, primarily focusing on session fixation vulnerabilities in various PHPGurukul systems. Each writeup includes steps to reproduce, impact analysis, and references, demonstrating a clear understanding of the vulnerabilities.

Description

An issue in phpgurukul Online Banquet Booking System V1.2 allows an attacker to execute arbitrary code via the /obbs/change-password.php file of the My Account - Change Password component.

Exploits (1)

github WRITEUP
by VasilVK · poc
https://github.com/VasilVK/CVE/tree/main/CVE-2025-45947

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: PHPGurukul Online Banquet Booking System V1.2, PHPGurukul User Registration & Login and User Management System V3.3, PHPGurukul Hostel Management System V2.1, PHPGurukul Small CRM v3.0, PHPGurukul Online Course Registration v3.1, PHPGurukul Blood Bank & Donor Management System V2.4
No auth needed
Prerequisites: Access to the target system's change-password.php endpoint · Ability to manipulate session IDs
devstral-2 · analyzed Feb 27, 2026

Scores

CVSS v3 9.8
EPSS 0.0065
EPSS Percentile 46.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-94
Status published
Products (1)
phpgurukul/online_banquet_booking_system 1.2
Published Apr 28, 2025
Tracked Since Feb 18, 2026