CVE-2025-7924
BaseFortify
Publication date: 2025-07-21
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phpgurukul | online_banquet_booking_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7924 is a Stored Cross-Site Scripting (XSS) vulnerability in the PHPGurukul Online Banquet Booking System version 1.0, specifically in the admin-profile.php file. The vulnerability occurs because the 'adminname' parameter is not properly sanitized or encoded before being displayed in the administrator's profile page. An attacker can inject malicious JavaScript code via a POST request to this parameter, which is then stored and executed when an administrator views their profile. This allows the attacker to execute arbitrary scripts in the context of the admin's browser session. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can lead to several severe impacts including theft of administrator cookies or session tokens, enabling attackers to hijack admin sessions. It can also allow attackers to perform Cross-Site Request Forgery (CSRF)-like attacks, escalate privileges if an admin views the malicious content, exfiltrate sensitive data, or redirect users to malicious websites. Essentially, it compromises the security and integrity of the administrator's account and potentially the entire system. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable endpoint /admin/admin-profile.php and testing the adminname parameter for stored cross-site scripting (XSS) by sending crafted POST requests with JavaScript payloads. Additionally, Google dorking can be used to identify vulnerable targets by searching for inurl:admin/admin-profile.php. A sample detection method is to send a POST request with a script payload in the adminname parameter and observe if the script executes when the admin profile page is viewed. Example command using curl: curl -X POST -d "adminname=<script>alert('XSS')</script>" http://targetsite.com/admin/admin-profile.php. Monitoring HTTP traffic for suspicious POST requests to this endpoint and reviewing logs for injected scripts can also help detect exploitation attempts. [2, 3, 1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing server-side output encoding to neutralize injected scripts, validating and sanitizing input to reject malicious content, and deploying a Content Security Policy (CSP) to restrict script execution. Using input sanitizers before rendering the adminname parameter can prevent injection. Since no vendor fix is available, consider replacing the affected product with an alternative solution. Monitoring and restricting access to the vulnerable endpoint and educating administrators about the risk can also reduce impact. [2, 3]