CVE-2025-15390
Severity: HIGH (CVSS 8.8)
WAF coverage: Low
Published: 2025-12-31
CWE-862 CWE-863
A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
WAF Coverage Analysis
| Weakness | WAF Coverage | OWASP |
|---|---|---|
| Missing Authorization | Low | A01:2021 Broken Access Control |
| Incorrect Authorization | Low | A01:2021 Broken Access Control |
Affected Software
| Vendor | Product | Version |
|---|---|---|
| phpgurukul | small_crm | up to 4.0 |
References
- github.com (Exploit, Third Party Advisory)
- phpgurukul.com (Product)
- vuldb.com (Permissions Required, VDB Entry)
- vuldb.com (Third Party Advisory, VDB Entry)