CVE-2025-45949

CRITICAL

PHPGurukul User Registration & Login and User Management System V3.3 - Session Hijacking

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-45949. PoCs published by VasilVK.

AI-analyzed exploit summary The repository contains detailed technical writeups for multiple CVEs, including CVE-2025-45949, describing session fixation vulnerabilities in PHPGurukul systems. Each writeup includes steps to reproduce, impact analysis, and references, demonstrating a clear understanding of the vulnerabilities.

Description

A critical vulnerability was found in PHPGurukul User Registration & Login and User Management System V3.3 in the /loginsystem/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely and leading to account takeover.

Exploits (1)

github WRITEUP
by VasilVK · poc
https://github.com/VasilVK/CVE/tree/main/CVE-2025-45949

The repository contains detailed technical writeups for multiple CVEs, including CVE-2025-45949, describing session fixation vulnerabilities in PHPGurukul systems. Each writeup includes steps to reproduce, impact analysis, and references, demonstrating a clear understanding of the vulnerabilities.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: PHPGurukul User Registration & Login and User Management System V3.3
No auth needed
Prerequisites: access to the target system · ability to manipulate session IDs
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0046
EPSS Percentile 36.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-384
Status published
Products (1)
phpgurukul/user_registration_\&_login_and_user_management_system 3.3
Published Apr 28, 2025
Tracked Since Feb 18, 2026