Vulnerability Details CVE-2025-56254
PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference (IDOR) vulnerability in leave-details.php. An authenticated user can change the leaveid parameter in the URL to access leave application details of other users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.9%
CVSS Severity
CVSS v3 Score 4.3
Products affected by CVE-2025-56254
-
cpe:2.3:a:phpgurukul:employee_leave_management_system:2.1