CVE-2025-2093 LOW

CVE-2025-2093: PHPGurukul Online Library Management System change-password.php password recovery

Vendor Phpgurukul

Product Online Library Management System

Weakness CWE-640 · Weak password recovery

Published March 7, 2025

Last update March 7, 2025

View on NVD All CVEs

CVSS base score

2.3/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in PHPGurukul Online Library Management System 3.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /change-password.php. The manipulation of the argument email/phone number leads to weak password recovery. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

March 7, 2025 CVE published

March 7, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-2093 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/640.html

Related vulnerabilities

CVE-2025-2093: PHPGurukul Online Library Management System change-password.php password recovery

01Description

02Disclosure timeline

03References

04Related CVE