CVE-2025-2093
LOWDescription
A vulnerability was found in PHPGurukul Online Library Management System 3.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /change-password.php. The manipulation of the argument email/phone number leads to weak password recovery. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| phpgurukul | online_library_management_system |
References
Frequently Asked Questions
What is CVE-2025-2093? +
How severe is CVE-2025-2093? +
What products are affected by CVE-2025-2093? +
How do I check if I'm vulnerable to CVE-2025-2093? +
Related Vulnerabilities
This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An …
Natours is a Tour Booking API. The attacker can easily take over any victim account by injecting an attacker-controlled server …
FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when a `ClientPasswordReset` record already …
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, …
An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to create an account via the register function in …
The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Reset Validation leading to Account …