CVE-2025-50485 — Insufficient Session Expiration in Online Course Registration

CWE-613 — Insufficient Session Expiration3 documents3 sources

Severity

7.1HIGHNVD

EPSS

0.1%

top 79.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul Online Course Registration

Timeline

PublishedJul 28

Description

Improper session invalidation in the component /crm/change-password.php of PHPGurukul Online Course Registration v3.1 allows attackers to execute a session hijacking attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:NExploitability: 2.8 | Impact: 4.2

Affected Packages1 packages

▶NVDphpgurukul/online_course_registration3.1

🔴Vulnerability Details

GHSA

GHSA-f9xm-74vq-4x7m: Improper session invalidation in the component /crm/change-password↗2025-07-28

▶

CVEList

CVE-2025-50485: Improper session invalidation in the component /crm/change-password↗2025-07-28

▶