CVE-2025-45949 Information

Description

A critical vulnerability was found in PHPGurukul User Registration & Login and User Management System V3.3 in the /loginsystem/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack exploitable remotely and leading to account takeover.

Reference

http://phpgurukul.com https://github.com/VasilVK/CVE/blob/main/CVE-2025-45949/README.MD