
Online Course Registration CVE-2025-50485

HIGH · Insufficient Session Expiration (CWE-613)
2025-07-28 · cve@mitre.org
7.1 · CVSS 3.1 · Vendor: mitre

Severity by source

Vendor (mitre), PRIMARY: 7.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

vuln.today AI: 4.2 MEDIUM

AC:H because the attacker must first obtain a valid session token; UI:R for the victim's password change; C:L/I:L as impact is limited to a single hijacked CRM account.

CVSS 3.1: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
CVSS 4.0: AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS Vector (Vendor: mitre)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: Low
Availability: None

Lifecycle Timeline

1. Analysis Generated · Jul 05, 2026 - 02:00 · vuln.today

Description (CVE.org)

Improper session invalidation in the component /crm/change-password.php of PHPGurukul Online Course Registration v3.1 allows attackers to execute a session hijacking attack.

Analysis (AI)

Session hijacking in PHPGurukul Online Course Registration v3.1 stems from the /crm/change-password.php component failing to invalidate existing sessions after a password change, letting an attacker who has captured or replayed a victim's session identifier retain authenticated access even after the credential is rotated. Publicly available exploit code exists (GitHub), but the flaw is not listed in CISA KEV and carries a low EPSS score of 0.40% (32nd percentile), indicating limited observed exploitation. The issue chiefly threatens confidentiality of the affected user's CRM account.

Technical Context (AI)

PHPGurukul Online Course Registration is a small PHP/MySQL web application distributed as free source code for academic and learning-management use. The root cause is CWE-613 (Insufficient Session Expiration): the password-change routine in /crm/change-password.php updates the stored credential but does not destroy or regenerate the server-side session, so a session token that was valid before the change remains valid afterward. Because PHP session handling here does not tie session lifetime to credential state, a token obtained through sniffing, fixation, or reuse continues to authenticate the holder. The single affected build is identified by cpe:2.3:a:phpgurukul:online_course_registration:3.1.

Remediation (AI)

No vendor-released patch identified at time of analysis; the references contain only a proof-of-concept (https://github.com/VasilVK/CVE/tree/main/CVE-2025-50485) and no fixed release for PHPGurukul Online Course Registration. As a code-level compensating control, modify /crm/change-password.php to call session_regenerate_id(true) and destroy all other active sessions for the account immediately after a successful password update, forcing re-authentication. Operators should additionally enforce HTTPS site-wide with the Secure and HttpOnly cookie flags to reduce token capture (trade-off: requires TLS configuration), set short session.gc_maxlifetime and cookie lifetimes to shrink the reuse window (trade-off: more frequent logins), and restrict access to the /crm/ interface to trusted networks or VPN where feasible. Monitor for the same session ID used from multiple IPs as a detection stopgap until an upstream fix is confirmed.
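
One way to implement the "destroy all other active sessions" control named above, shown as an added example and not PHPGurukul's code or a vendor fix: each account carries a session epoch that is copied into the session at login, checked on every request, and incremented on password change. The users table, the session_epoch column and the function names are hypothetical, and the in-memory demo assumes the pdo_sqlite extension.

```php
<?php
// Added example: per-account session epoch (hypothetical schema and names).
declare(strict_types=1);

// At login, bind the session to the account's current epoch.
function login(PDO $db, array &$session, int $userId): void {
    $stmt = $db->prepare('SELECT session_epoch FROM users WHERE id = ?');
    $stmt->execute([$userId]);
    $session = ['uid' => $userId, 'epoch' => (int) $stmt->fetchColumn()];
}

// On every authenticated request, reject sessions bound to an older epoch.
function sessionIsCurrent(PDO $db, array $session): bool {
    if (!isset($session['uid'], $session['epoch'])) {
        return false;
    }
    $stmt = $db->prepare('SELECT session_epoch FROM users WHERE id = ?');
    $stmt->execute([$session['uid']]);
    $epoch = $stmt->fetchColumn();
    return $epoch !== false && (int) $epoch === $session['epoch'];
}

// Password change: rotate the credential and the epoch in one statement,
// keep only the session that made the change, and issue it a fresh ID.
function changePassword(PDO $db, array &$session, string $newPassword): void {
    $stmt = $db->prepare(
        'UPDATE users SET password_hash = ?, session_epoch = session_epoch + 1 WHERE id = ?'
    );
    $stmt->execute([password_hash($newPassword, PASSWORD_DEFAULT), $session['uid']]);
    $session['epoch']++;
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // delete the old session file as well
    }
}

// Constructed demo: arrays stand in for $_SESSION in two separate browsers.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, password_hash TEXT,
           session_epoch INTEGER NOT NULL DEFAULT 0)');
$db->exec("INSERT INTO users (id, password_hash) VALUES (1, 'placeholder')");

$current = [];
login($db, $current, 1);
$stale = $current;                      // session state issued before the change
changePassword($db, $current, 'constructed-new-passphrase');
var_dump(sessionIsCurrent($db, $current)); // session that changed the password
var_dump(sessionIsCurrent($db, $stale));   // pre-change session, must be rejected
```

In a real deployment the arrays would be $_SESSION and sessionIsCurrent() would run in the shared include that gates every authenticated page, so a stale token fails on its next request.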
