External risk intelligence

phpgurukul Online Banquet Booking System Code Execution Vulnerability

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2025-45947

This is a web-based application designed for online banquet booking. As an online booking portal, the system is intended to be accessible to customers over the public internet, making the web interface and its associated components, such as user account management pages, commonly exposed to the internet in standard deployments.

Code Injection

Phpgurukul Online Banquet Booking System

1.2

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability has been identified in the phpgurukul Online Banquet Booking System, specifically in its password change function. This flaw could allow unauthorized individuals to execute arbitrary code, potentially leading to significant system compromise if the system is in use. The main concern is confirming if this specific system and version are deployed within our environment.

  • Code execution flaw in booking system.
  • Criticality demands awareness of exposure.
  • Confirm relevance; assess potential impact.

Attack Path

How an attacker could exploit the issue

An attacker can reach the vulnerable component through the public internet, as the Online Banquet Booking System is designed for online access. The attacker would likely interact with the "My Account - Change Password" feature. If successful, this could lead to the execution of arbitrary code on the system.

  • Accessible via the network.
  • Triggered through the change password feature.
  • Leads to arbitrary code execution.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability in the Online Banquet Booking System could allow an unauthenticated attacker to execute arbitrary code by exploiting the change password functionality. When supported, this could impact the confidentiality, integrity, and availability of the system.

  • System code and data.
  • Via unauthenticated network access.
  • Allows full system compromise.

Operational Fix

Recommended remediation, mitigation, and detection steps

The phpgurukul Online Banquet Booking System, particularly its password change functionality, presents a critical risk due to potential remote code execution. The primary responsibility for addressing this vulnerability likely falls to the team managing the web application and its underlying infrastructure, which could include application owners, platform teams, or dedicated security operations. The immediate first step should be to identify all instances of this system within the environment, assess their internet exposure and business criticality, and then coordinate a remediation plan with the accountable owner.

  • Application owners should manage remediation.
  • Verify internet exposure and criticality first.
  • Plan phased remediation during maintenance windows.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is the phpgurukul Online Banquet Booking System?

This software is a web-based application designed to manage event reservations. It provides a digital interface for venues to handle customer bookings and includes user management modules, such as account and password security features, to facilitate administrative and client interactions.

What does CVE-2025-45947 mean?

This vulnerability is classified as CWE-94, which refers to Improper Control of Generation of Code. In this specific case, it means the application fails to properly filter input within its password change component, allowing an attacker to inject and execute their own unauthorized commands on the server hosting the system.

How is this vulnerability triggered?

The flaw is triggered by interacting with the change-password.php file within the application's account management section. It does not require a user to be logged in to initiate the exploit. However, simply visiting the site or browsing public pages without accessing this specific password modification function does not trigger the bug.

Is my system at risk?

Halo Surface Signal indicates that because this software is a web-based booking portal designed for customer access, it is commonly exposed to the public internet. If you have this specific version deployed where it is reachable from the internet, it is considered highly accessible to potential attackers.

What steps should I take if I run this software?

First, locate all instances of the application within your infrastructure to determine if version 1.2 is in use. Once identified, evaluate the system's business criticality and network reachability. Coordinate with your application owners to prioritize a maintenance window for remediation and restrict access to the affected components until a fix is applied.

References