CVE-2025-50492

HIGH

PHPGurukul e-Diary Mgt <v1 - Session Hijacking

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-50492. PoCs published by sahel0708.

AI-analyzed exploit summary The repository describes a session fixation vulnerability in PHPGurukul e-Diary Management System v1, where improper session invalidation in `/edms/change-password.php` allows attackers to hijack user sessions. The writeup provides steps to reproduce the issue but lacks functional exploit code.

Description

Improper session invalidation in the component /edms/change-password.php of PHPGurukul e-Diary Management System v1 allows attackers to execute a session hijacking attack.

Exploits (1)

github WRITEUP
by sahel0708 · poc
https://github.com/sahel0708/CVE/tree/main/CVE-2025-50492

The repository describes a session fixation vulnerability in PHPGurukul e-Diary Management System v1, where improper session invalidation in `/edms/change-password.php` allows attackers to hijack user sessions. The writeup provides steps to reproduce the issue but lacks functional exploit code.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Theoretical
Target: PHPGurukul e-Diary Management System v1
No auth needed
Prerequisites: access to the target system · ability to set a session ID
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.5
EPSS 0.0053
EPSS Percentile 40.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-20
Status published
Products (1)
phpgurukul/e-diary_management_system 1.0
Published Jul 28, 2025
Tracked Since Feb 18, 2026