CVE-2025-45953

CRITICAL Year: 2025
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-384
View all →

Vulnerability Description

A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely

Related Vulnerabilities

CVE-2016-8638

CRITICAL
CVSS:9.1(Critical)

A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to...

CWE-3842016

CVE-2017-3968

CRITICAL
CVSS:9.1(Critical)

Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers t...

CWE-3842017

CVE-2020-12258

CRITICAL
CVSS:9.1(Critical)

rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. The application can reuse a session via PHPSESSID. Also, an attacker can exploit this vulnerabi...

CWE-3842020

CVE-2020-8990

CRITICAL
CVSS:9.1(Critical)

Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation.

CWE-3842020

CVE-2020-9370

CRITICAL
CVSS:9.1(Critical)

HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking.

CWE-3842020

CVE-2022-36437

CRITICAL
CVSS:9.1(Critical)

The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connectio...

CWE-3842022