CVE-2023-0641

Name of the Vulnerable Software and Affected Versions PHPGurukul Employee Leaves Management System version 1.0

Description A vulnerability was found in the PHPGurukul Employee Leaves Management System, affecting an unknown functionality of the file changepassword.php. The manipulation of the newpassword and confirmpassword arguments leads to weak password requirements. The attack can be launched remotely. The exploitation appears to be difficult, but the exploit has been disclosed to the public and may be used.

Recommendations For PHPGurukul Employee Leaves Management System version 1.0, consider implementing strong password requirements to mitigate the risk of exploitation. As a temporary workaround, restrict access to the changepassword.php file until a patch is available. Additionally, avoid using the newpassword and confirmpassword arguments in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.