CVE-2025-50486

CWE-613 — Insufficient Session Expiration3 documents3 sources

Severity

7.1HIGH

EPSS

0.1%

top 79.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul E-diary Management System

Timeline

PublishedJul 28

Description

Improper session invalidation in the component /carrental/update-password.php of PHPGurukul Car Rental Project v3.0 allows attackers to execute a session hijacking attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:NExploitability: 2.8 | Impact: 4.2

Affected Packages1 packages

▶NVDphpgurukul/e-diary_management_system1.0

🔴Vulnerability Details

CVEList

CVE-2025-50486: Improper session invalidation in the component /carrental/update-password↗2025-07-28

▶

GHSA

GHSA-99w3-f67v-mh94: Improper session invalidation in the component /carrental/update-password↗2025-07-28

▶