
CVE-2025-50693: n/a

Medium
Published: Tue Jun 24 2025 (06/24/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Insecure Direct Object Reference (IDOR) in odms/request-details.php.

AI-Powered Analysis

AI analysis last updated: 06/24/2025, 15:51:29 UTC

Technical Analysis

The vulnerability identified as CVE-2025-50693 affects the PHPGurukul Online DJ Booking Management System version 2.0. It is classified as an Insecure Direct Object Reference (IDOR) vulnerability located in the odms/request-details.php script. IDOR vulnerabilities occur when an application exposes references to internal implementation objects such as files, database records, or keys, without proper access control validation. In this case, the vulnerability allows an attacker to manipulate request parameters to access booking request details that they should not be authorized to view or modify. Since the affected component is a booking management system for DJs, the exposed data could include sensitive client information, booking schedules, and potentially financial or contractual details. The absence of a CVSS score and patch information suggests this vulnerability is newly disclosed and may not yet have a fix or widespread exploitation. No known exploits in the wild have been reported to date. The vulnerability likely requires the attacker to have some level of access to the system, such as a logged-in user, but due to the nature of IDOR, it may not require elevated privileges or complex exploitation techniques. The lack of detailed affected versions and patch links indicates limited public information, but the core issue is a failure in enforcing proper authorization checks on object references within the application code, leading to unauthorized data access risks.

Potential Impact

For European organizations using the PHPGurukul Online DJ Booking Management System 2.0, this vulnerability could lead to unauthorized disclosure of sensitive booking and client information, undermining confidentiality. This could result in privacy violations, reputational damage, and potential regulatory non-compliance, especially under GDPR requirements for protecting personal data. Integrity risks exist if attackers can modify booking details, potentially disrupting business operations or causing financial loss. Availability impact is likely limited unless the vulnerability is chained with other exploits to cause denial of service. Given the niche nature of the software (DJ booking management), the overall impact is moderate but significant for affected entities, particularly event management companies, entertainment venues, or freelance DJs operating within Europe. The exposure of client data could also facilitate further targeted attacks such as phishing or social engineering. Since no known exploits are currently reported, the immediate risk is moderate, but the vulnerability should be addressed promptly to prevent future exploitation.

Mitigation Recommendations

Organizations should immediately audit access control mechanisms within the PHPGurukul Online DJ Booking Management System, focusing on the odms/request-details.php endpoint. Specific mitigation steps include:

1) Implement strict server-side authorization checks to ensure users can only access booking requests associated with their accounts or roles.
2) Employ parameter validation and avoid direct use of user-supplied identifiers without verification.
3) Introduce object-level access control policies, possibly leveraging role-based access control (RBAC) or attribute-based access control (ABAC) models.
4) Monitor logs for unusual access patterns to booking request details that could indicate exploitation attempts.
5) If possible, isolate the booking management system behind additional authentication layers or VPN access to reduce exposure.
6) Engage with the software vendor or community to obtain patches or updates addressing this vulnerability.
7) Educate users about the risks of sharing credentials and encourage strong authentication practices.
8) Conduct penetration testing focused on IDOR and other access control weaknesses to identify and remediate similar issues proactively.
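The following is an added illustration of mitigation steps 1, 2 and 4 for a "request details" page; it is not PHPGurukul's code, and the table name `tblbookings`, the columns `ID`/`UserID`/`EventDate`/`Status`, the query parameter `bookingid`, the session key `user_id` and the database credentials are all assumed placeholders.

```php
<?php
// Added example, not PHPGurukul's code. Assumed names: table `tblbookings`,
// columns ID/UserID/EventDate/Status, GET parameter `bookingid`, session key `user_id`.
declare(strict_types=1);

/**
 * Fetch one booking request only if it belongs to the current user.
 * The ownership predicate is part of the query, so a record that exists but
 * belongs to someone else is indistinguishable from one that does not exist.
 */
function getOwnedBookingRequest(PDO $pdo, int $bookingId, int $userId): ?array
{
    $stmt = $pdo->prepare(
        'SELECT ID, UserID, EventDate, Status FROM tblbookings WHERE ID = :id AND UserID = :uid'
    );
    $stmt->execute([':id' => $bookingId, ':uid' => $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Defective shape, shown only for contrast: the row is selected by the
// user-supplied id alone, with no check that it belongs to the caller.
// $row = $pdo->query('SELECT * FROM tblbookings WHERE ID = ' . (int)$_GET['bookingid'])->fetch();

session_start();
if (empty($_SESSION['user_id'])) {
    header('Location: login.php');
    exit;
}
$userId = (int)$_SESSION['user_id'];

// Step 2: validate the identifier before it reaches the query; reject anything
// that is not a positive integer rather than silently coercing it.
$bookingId = filter_input(INPUT_GET, 'bookingid', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($bookingId === false || $bookingId === null) {
    http_response_code(400);
    exit('Invalid request id');
}

// Placeholder DSN and credentials; replace with the deployment's real values.
$pdo = new PDO('mysql:host=localhost;dbname=odms', 'dbuser', 'dbpass',
               [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);

$row = getOwnedBookingRequest($pdo, $bookingId, $userId);
if ($row === null) {
    // Step 4: a denied lookup is worth logging; a burst of them from one account
    // is the access pattern the mitigation text says to watch for.
    error_log(sprintf('odms: denied booking lookup id=%d user=%d', $bookingId, $userId));
    http_response_code(404);   // same answer for "missing" and "not yours"
    exit('Request not found');
}
echo htmlspecialchars(json_encode($row), ENT_QUOTES, 'UTF-8');
```

The same ownership-in-query pattern applies to any update or delete handler that takes a record id, which is where the integrity risk noted above would otherwise arise.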


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-06-16T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 685ac93d77d44901f08c63cd

Added to database: 6/24/2025, 3:50:21 PM

Last enriched: 6/24/2025, 3:51:29 PM

Last updated: 7/13/2025, 8:11:54 AM
