CVE-2025-50491 — Insufficient Session Expiration in Bank Locker Management System

CWE-613 — Insufficient Session Expiration3 documents3 sources

Severity

7.1HIGHNVD

EPSS

0.0%

top 86.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul Bank Locker Management System

Timeline

PublishedJul 28

Description

Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank Locker Management System v1 allows attackers to execute a session hijacking attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:NExploitability: 2.8 | Impact: 4.2

Affected Packages1 packages

▶NVDphpgurukul/bank_locker_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-wvjj-4g8c-4v8v: Improper session invalidation in the component /banker/change-password↗2025-07-28

▶

CVEList

CVE-2025-50491: Improper session invalidation in the component /banker/change-password↗2025-07-28

▶