CVE-2025-65647

CWE-639Insecure Direct Object Reference3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.0%
top 85.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Phpgurukul Online Shopping Portal
Timeline
PublishedNov 25

Description

Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-8mr3-7qjj-m4fq: Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping Portal 22025-11-25
CVEList
CVE-2025-65647: Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping Portal 22025-11-25
CVE-2025-65647 (MEDIUM CVSS 4.3) | Insecure Direct Object Reference (I | cvebase.io