CVE-2025-45947 — Code Injection in Online Banquet Booking System
Severity
9.8CRITICALNVD
EPSS
1.3%
top 20.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 28
Description
An issue in phpgurukul Online Banquet Booking System V1.2 allows an attacker to execute arbitrary code via the /obbs/change-password.php file of the My Account - Change Password component
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9