Car Washing Management System
Monthly
Session hijacking in PHPGurukul Car Washing Management System v1.0 allows attackers to retain or reuse a doctor account session because the /doctor/change-password.php component fails to invalidate existing sessions after a credential change, publicly available exploit code exists (per the referenced GitHub PoC), though EPSS estimates only a 0.50% exploitation probability and the issue is not on CISA KEV. No public exploit identified as actively used in the wild; the flaw affects only the single unpatched v1.0 release of this niche PHP application.
Session hijacking in PHPGurukul Car Washing Management System v1.0 allows attackers to retain or reuse a doctor account session because the /doctor/change-password.php component fails to invalidate existing sessions after a credential change, publicly available exploit code exists (per the referenced GitHub PoC), though EPSS estimates only a 0.50% exploitation probability and the issue is not on CISA KEV. No public exploit identified as actively used in the wild; the flaw affects only the single unpatched v1.0 release of this niche PHP application.