Skip to main content

Car Washing Management System

1 CVEs product

Monthly

CVE-2025-50494 HIGH POC This Week

Session hijacking in PHPGurukul Car Washing Management System v1.0 allows attackers to retain or reuse a doctor account session because the /doctor/change-password.php component fails to invalidate existing sessions after a credential change, publicly available exploit code exists (per the referenced GitHub PoC), though EPSS estimates only a 0.50% exploitation probability and the issue is not on CISA KEV. No public exploit identified as actively used in the wild; the flaw affects only the single unpatched v1.0 release of this niche PHP application.

Information Disclosure PHP Car Washing Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
EPSS 0% CVSS 7.5
HIGH POC This Week

Session hijacking in PHPGurukul Car Washing Management System v1.0 allows attackers to retain or reuse a doctor account session because the /doctor/change-password.php component fails to invalidate existing sessions after a credential change, publicly available exploit code exists (per the referenced GitHub PoC), though EPSS estimates only a 0.50% exploitation probability and the issue is not on CISA KEV. No public exploit identified as actively used in the wild; the flaw affects only the single unpatched v1.0 release of this niche PHP application.

Information Disclosure PHP Car Washing Management System
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy