CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-50494
https://notcve.org/view.php?id=CVE-2025-50494
28 Jul 2025 — Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing Management System v1.0 allows attackers to execute a session hijacking attack. La invalidación de sesión incorrecta en el componente /doctor/change-password.php de PHPGurukul Car Washing Management System v1.0 permite a los atacantes ejecutar un ataque de secuestro de sesión. • http://car.com • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-7177 – PHPGurukul Car Washing Management System editcar-washpoint.php sql injection
https://notcve.org/view.php?id=CVE-2025-7177
08 Jul 2025 — A vulnerability was found in PHPGurukul Car Washing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/editcar-washpoint.php. The manipulation of the argument wpid leads to sql injection. The attack may be launched remotely. • https://github.com/y2xsec324/cve/issues/10 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •