CVE-2025-2093 – PHPGurukul Online Library Management System change-password.php password recovery

https://notcve.org/view.php?id=CVE-2025-2093

07 Mar 2025 — A vulnerability was found in PHPGurukul Online Library Management System 3.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /change-password.php. The manipulation of the argument email/phone number leads to weak password recovery. The attack can be launched remotely. • https://github.com/SECWG/cve/issues/4 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •