Vasil Vk

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Hostel Management System version 2.1 **Description** A vulnerability was found in the /hostel/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely. The issue is related to the `change-password.php` file, which is part of the Change Password component in the user panel. **Recommendations** For PHPGurukul Hostel Management System version 2.1, consider disabling the Change Password component temporarily until a patch is available to prevent Session Hijacking attacks. Restrict access to the `/hostel/change-password.php` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.