CVE-2025-2090

MEDIUM Year: 2025
CVSS v3 Score
4.7
Medium
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-266
View all →

Vulnerability Description

A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/add-subadmin.php of the component Sub Admin Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Related Vulnerabilities

CVE-2024-31760

MEDIUM
CVSS:4.7(Medium)

An issue in sanluan flipped-aurora gin-vue-admin 2.4.x allows an attacker to escalate privileges via the Session Expiration component.

CWE-2662024

CVE-2025-25767

MEDIUM
CVSS:4.8(Medium)

A vertical privilege escalation vulnerability in the component /controller/UserController.java of MRCMS v3.1.2 allows attackers to arbitrarily delete users via a crafted request.

CWE-2662025

CVE-2019-3843

MEDIUM
CVSS:4.5(Medium)

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated...

CWE-2662019

CVE-2023-2485

MEDIUM
CVSS:4.9(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A...

CWE-2662023

CVE-2023-3775

MEDIUM
CVSS:4.9(Medium)

A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potent...

CWE-2662023

CVE-2024-20466

MEDIUM
CVSS:4.9(Medium)

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. Thi...

CWE-2662024