
Online Library Management System CVE-2025-50488

Severity: HIGH
Weakness: Insufficient Session Expiration (CWE-613)
Published: 2025-07-28 (cve@mitre.org)
CVSS 3.1 base score: 7.1 (Vendor: mitre)

Severity by source

Vendor (mitre), primary rating: 7.1 HIGH
  CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

vuln.today AI: 5.9 MEDIUM
  CVSS 3.1: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
  CVSS 4.0: AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
  Rationale: Network-reachable with no app privileges (PR:N) but requires obtaining a session token and victim interaction, raising complexity to AC:H; account access yields high confidentiality, low integrity, no availability impact.

Primary rating from Vendor (mitre).

CVSS Vector (Vendor: mitre)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: Low
Availability: None

Lifecycle Timeline

1. Analysis Generated: Jul 05, 2026 - 01:51 (vuln.today)

Description (CVE.org)

Improper session invalidation in the component /library/change-password.php of PHPGurukul Online Library Management System v3.0 allows attackers to execute a session hijacking attack.

Analysis (AI)

Session hijacking in PHPGurukul Online Library Management System v3.0 stems from improper session invalidation in /library/change-password.php: sessions are not terminated after a credential change, so an attacker who has obtained or reuses a still-valid session token can continue to impersonate the victim. Publicly available exploit code exists (GitHub, VasilVK), but no active exploitation in the wild has been identified and the CVE is not listed in CISA KEV. EPSS is low at 0.39% (31st percentile), indicating limited predicted mass-exploitation activity despite the available POC.

Technical Context (AI)

The affected component is a PHP web application (PHPGurukul Online Library Management System, CPE cpe:2.3:a:phpgurukul:online_library_management_system:3.0) commonly used as a small-scale library catalog and member management portal. The root cause is CWE-613 (Insufficient Session Expiration), where the change-password.php workflow fails to invalidate or rotate the existing session identifier after a security-relevant event such as a password change. In a correctly implemented flow, changing a password should terminate all other active sessions and issue a fresh session token; here, previously issued session cookies remain valid, so a captured or fixed session ID continues to grant authenticated access even after the account owner attempts to secure the account.

Remediation (AI)

No vendor-released patch was identified at the time of analysis: no fix version or official PHPGurukul advisory is present in the provided data. As compensating controls, have the application regenerate the session ID on every privilege or credential change and invalidate all other active sessions for the account when a password is changed (session_regenerate_id(true) plus invalidation in the server-side session store); this directly addresses CWE-613, at the cost of logging the user out of concurrent sessions. Enforce short idle and absolute session timeouts; set session cookies with the HttpOnly, Secure and SameSite attributes to reduce token theft; and place the application behind a WAF or restrict administrative and member access to trusted networks or a VPN to limit exposure while a code fix is developed. Monitor the POC repository (https://github.com/VasilVK/CVE/tree/main/CVE-2025-50488) and PHPGurukul for an official update; given that this is niche software with little sign of active maintenance, consider migrating off it if no patch is released.
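The flow the Technical Context and Remediation sections describe, written out as a constructed PHP example. This is not PHPGurukul's code and does not reproduce /library/change-password.php; it assumes a hypothetical users table with columns id, password_hash and session_version (an integer bumped on every credential change) and a PDO connection supplied by the caller. The weak handler models the CWE-613 behaviour (hash replaced, sessions untouched); the hardened handler rotates the caller's session ID and, through the per-request version check, rejects every session issued before the change.

```php
<?php
// Constructed example (not PHPGurukul code): change-password handling with
// session rotation and invalidation of all other sessions for the account.
// Hypothetical schema: users(id, password_hash, session_version).
declare(strict_types=1);

const IDLE_TIMEOUT_SECONDS = 900; // constructed value: 15 minutes idle timeout

// Cookie attributes from the remediation guidance (PHP >= 7.3 array form).
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

/**
 * Weak flow (CWE-613): the stored hash is replaced, but this session and every
 * previously issued session cookie remain valid, so a captured token still
 * grants access after the owner "secures" the account.
 */
function change_password_weak(PDO $db, int $userId, string $newPassword): void
{
    $stmt = $db->prepare('UPDATE users SET password_hash = :h WHERE id = :id');
    $stmt->execute([
        ':h'  => password_hash($newPassword, PASSWORD_DEFAULT),
        ':id' => $userId,
    ]);
    // No session_regenerate_id() and no invalidation of other sessions.
}

/**
 * Hardened flow: require the current password, store the new hash together
 * with an incremented session_version, then rotate this session's ID and pin
 * it to the new version. Other sessions still carry the old version and are
 * destroyed by require_current_session() on their next request.
 */
function change_password_hardened(PDO $db, int $userId, string $currentPassword, string $newPassword): bool
{
    $stmt = $db->prepare('SELECT password_hash, session_version FROM users WHERE id = :id');
    $stmt->execute([':id' => $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($currentPassword, $row['password_hash'])) {
        return false; // wrong current password: nothing changes
    }

    $newVersion = (int) $row['session_version'] + 1;
    $stmt = $db->prepare('UPDATE users SET password_hash = :h, session_version = :v WHERE id = :id');
    $stmt->execute([
        ':h'  => password_hash($newPassword, PASSWORD_DEFAULT),
        ':v'  => $newVersion,
        ':id' => $userId,
    ]);

    // Issue a fresh ID and delete the old server-side session data (true), so
    // the previously issued cookie value can no longer be replayed.
    session_regenerate_id(true);
    $_SESSION['user_id']         = $userId;
    $_SESSION['session_version'] = $newVersion;
    $_SESSION['last_seen']       = time();
    return true;
}

/**
 * Per-request check: accept a session only if it is within the idle timeout
 * and was issued under the account's current session_version. Returns the
 * user id, or null after destroying a stale or outdated session.
 */
function require_current_session(PDO $db): ?int
{
    if (!isset($_SESSION['user_id'], $_SESSION['session_version'], $_SESSION['last_seen'])) {
        return null;
    }
    if (time() - (int) $_SESSION['last_seen'] > IDLE_TIMEOUT_SECONDS) {
        $_SESSION = [];
        session_destroy();
        return null;
    }
    $stmt = $db->prepare('SELECT session_version FROM users WHERE id = :id');
    $stmt->execute([':id' => (int) $_SESSION['user_id']]);
    $current = $stmt->fetchColumn();
    if ($current === false || (int) $current !== (int) $_SESSION['session_version']) {
        $_SESSION = [];          // session predates the password change
        session_destroy();
        return null;
    }
    $_SESSION['last_seen'] = time();
    return (int) $_SESSION['user_id'];
}
```

Storing the version in the users row rather than enumerating session files keeps invalidation O(1) and works with any session save handler; the cost is one extra lookup per authenticated request, which is the trade the remediation text accepts when it notes that concurrent sessions will be logged out.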
